Beruflich Dokumente
Kultur Dokumente
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS,
INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH
THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY,
CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version
of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS" WITH ALL FAULTS.
CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT
LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS
HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network
topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional
and coincidental.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: http://
www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership
relationship between Cisco and any other company. (1110R)
Additional References for LISP Support for Disjoint RLOC Domains 223
Feature Information for LISP Support for Disjoint RLOC Domains 224
Feature Information
Use Cisco Feature Navigator to find information about feature support, platform support, and Cisco software
image support. An account on Cisco.com is not required.
Related References
• Cisco IOS Command References, All Releases
Splitting EID and RLOC functions yields several advantages including improved routing system scalability,
and improved multihoming efficiency and ingress traffic engineering.
LISP functionality requires LISP-specific configuration of one or more LISP-related devices, such as the
LISP egress tunnel router (ETR), ingress tunnel router (ITR), proxy ETR (PETR), proxy ITR (PITR), map
resolver (MR), map server (MS), and LISP alternative logical topology (ALT) device.
which, in turn, determines the hardware, software, and additional support from LISP mapping services and
proxy services that are required to complete the deployment.
LISP configuration requires the datak9 license.
The figure below displays a general overview illustration of a LISP deployment environment, including the
three essential environments that exist in a LISP environment: LISP sites (EID namespace), non-LISP sites
(RLOC namespace), and LISP mapping service (infrastructure).
As illustrated in the figure, the LISP EID namespace represents customer end sites in the same way that end
sites are defined in non-LISP environments with one difference: The IP addresses used within these LISP
sites are not advertised within the non-LISP Internet (RLOC namespace). Instead, end-customer LISP
functionality is deployed exclusively on customer endpoint routers, which perform both the egress tunnel
router (ETR) and ingress tunnel router (ITR) functions of a LISP device (abbreviated as xTR in the figure).
To fully implement LISP with support for mapping services and Internet interworking may require additional
LISP infrastructure components as part of the deployment. As displayed in the figure above, these additional
LISP infrastructure components include devices that function in the LISP roles of map resolver (MR), map
server (MS), proxy egress tunnel router (PETR), proxy ingress tunnel router (PITR), and LISP alternative
logical topology (ALT) device.
need to be propagated throughout the entire network. An MS or combined MR/MS may also be configured
to perform the functions of an ALT router.
Note Sometimes the Map-Reply message will indicate that the destination is not an EID. When this happens,
a negative mapping cache entry is created, which causes packets to either be discarded or forwarded
natively when the packets match that cache entry.
Like the ETR, an ITR is usually implemented in a LISP site’s customer premises equipment (CPE) router,
which is typically configured as an xTR (performs functions of both ETR and ITR components).
When an MR is implemented concurrently with an MS in a private mapping system deployment, the concurrent
MS forwards the encapsulated Map-Request messages to the authoritative ETRs. When a LISP ALT is present
in the deployment, the MR forwards the Map-Request messages directly over the ALT to the MS responsible
for the ETRs that are authoritative for the requested EIDs. An MR also sends Negative Map-Replies to ITRs
in response to queries for non-LISP addresses.
implementing ITR functionality, a PITR also advertises some or all of the non-routable EID prefix space to
the part of the non-LISP-capable Internet that it serves so that the non-LISP sites will route traffic toward the
PITR for encapsulation and forwarding to LISP sites.
Note PITR advertising of nonroutable EID prefix space is intended to be highly aggregated with many EID
prefixes represented by each prefix that is advertised by a PITR.
Like the PETR, when dual-stacked, the PITR also provides multiple-address family support. But the PITR
supports transport of non-LISP traffic from one address family to LISP sites in the same address family over
a core network within a different address family.
Example
A LISP site with IPv4-only RLOC connectivity can take advantage of a dual-stacked PITR to allow non-LISP
IPv6 Internet users to reach IPv6 EIDs across the IPv4 Internet.
The PITR function is commonly configured on a device that also functions as a PETR. A device that functions
as both a PETR and a PITR is known as a PxTR. Additionally, a PITR carries LISP data plane traffic and can
be a high packet-rate device. To take advantage of this high packet-rate capability, deployments typically
include hardware-switched platforms or high-end Cisco® Integrated Services Routers (ISRs).
Configure a Dual-Homed LISP Site with Two IPv4 RLOCs and an IPv4 EID
Perform this task to configure a dual-homed LISP site with two IPv4 RLOCs and an IPv4 EID. In this task,
a LISP site uses a single edge router configured as both an ITR and an ETR (known as an xTR) with two
connections to upstream providers. Both of the RLOCs and the EID prefix are IPv4. The LISP site registers
to two map resolver/map server (MR/MS) devices in the network core. The topology used in this LISP
configuration is shown in the figure below.
Figure 2: Dual-Homed LISP Site with Two IPv4 RLOCs and an IPv4 EID
The components illustrated in the topology shown in the figure are described below:
• LISP site:
• The CPE functions as a LISP ITR and ETR (xTR).
• The LISP xTR is authoritative for the IPv4 EID prefix of 172.16.1.0/24.
• The LISP xTR has two RLOC connections to the core. The RLOC connection to SP1 is 10.1.1.2/30;
the RLOC connection to SP2 is 10.2.1.2/30.
• For this simple dual-homed configuration, the LISP site policy specifies equal load sharing between
service provider (SP) links for ingress traffic engineering.
• Mapping system:
• Two map resolver/map server (MR/MS) systems are assumed to be available for the LISP xTR to
configure. The MR/MSs have IPv4 RLOCs 10.10.10.10 and 10.10.30.10.
• Mapping Services are assumed to be provided as part of this LISP solution via a private mapping
system or as a public LISP mapping system. From the perspective of the configuration of this LISP
site xTR, there is no difference.
Note Map server and map resolver configurations are not shown here. See the "Configure a
Private LISP Mapping System Using a Standalone Map Resolver/Map Server" section
for information about map server and map resolver configuration.
This task shows how to enable and configure LISP ITR and ETR (xTR) functionality when using a LISP map
server and map resolver for mapping services.
SUMMARY STEPS
1. configure terminal
2. router lisp
3. Do one of the following:
• database-mapping EID-prefix/prefix-length locator priority priority weight weight
• database-mapping EID-prefix/prefix-length ipv4-interface locator priority priority weight weight
DETAILED STEPS
Example:
Router# configure terminal
Example:
Router(config)# router lisp
Step 3 Do one of the following: Configures an EID-to-RLOC mapping relationship and its associated traffic
policy for this LISP site.
• database-mapping
EID-prefix/prefix-length locator • In this step example, a single EID prefix, 172.16.1.0/24, is being
priority priority weight weight associated with the single IPv4 RLOC 10.1.1.2 but the weight
Example:
Router(config-router-lisp)#
database-mapping 172.16.1.0/24
ipv4-interface GigabitEthernet0/0/0
priority 1 weight 50
Example:
Router(config-router-lisp)# ipv4 itr
Step 6 ipv4 etr Enables LISP ETR functionality for the IPv4 address family.
Example:
Router(config-router-lisp)# ipv4 etr
Step 7 ipv4 itr map-resolver map-resolver-address Configures the locator address of the LISP map resolver to which this
router will send Map-Request messages for IPv4 EID-to-RLOC mapping
Example: resolutions.
Router(config-router-lisp)# ipv4 itr • The locator address of the map resolver may be an IPv4 or IPv6
map-resolver 10.10.10.10 address. In this example, because each xTR has only IPv4 RLOC
connectivity, the map resolver is reachable via its IPv4 locator
address. (See the LISP Command Reference for more details.)
Example:
Router(config-router-lisp)# exit
Step 10 ip route ipv4-prefix next-hop Configures a default route to the upstream next hop for all IPv4
destinations.
Example: • All IPv4 EID-sourced packets destined to both LISP and non-LISP
Router(config)# ip route 0.0.0.0 sites are forwarded in one of two ways:
0.0.0.0 10.1.1.1
• LISP-encapsulated to a LISP site when traffic is LISP-to-LISP
• natively forwarded when traffic is LISP-to-non-LISP.
Example:
Router(config)# exit
Example:
Figure 3: Dual-Homed LISP Site with Two IPv4 RLOCs and an IPv4 EID
This example shows the complete configuration for the LISP topology illustrated in the figure above and in
this task.
hostname xTR
!
no ip domain lookup
ip cef
!
interface Loopback0
ip address 172.17.1.1 255.255.255.255
!
interface LISP0
!
interface GigabitEthernet0/0/0
description Link to SP1 (RLOC)
ip address 10.1.1.2 255.255.255.252
!
interface GigabitEthernet0/0/1
description Link to SP2 (RLOC)
ip address 10.2.1.2 255.255.255.252
!
interface GigabitEthernet1/0/0
description Link to Site (EID)
ip address 172.16.1.1 255.255.255.0
!
router lisp
database-mapping 172.16.1.0/24 10.1.1.2 priority 1 weight 50
database-mapping 172.16.1.0/24 10.2.1.2 priority 1 weight 50
ipv4 itr
ipv4 etr
ipv4 itr map-resolver 10.10.10.10
ipv4 itr map-resolver 10.10.30.10
ipv4 etr map-server 10.10.10.10 key 0 some-key
ipv4 etr map-server 10.10.30.10 key 0 some-key
exit
!
ip route 0.0.0.0 0.0.0.0 10.1.1.1
ip route 0.0.0.0 0.0.0.0 10.2.1.1
Configure a Multihomed LISP Site with Two xTRs and Two IPv4 RLOCs and
an IPv4 EID
Perform this task to configure a multihomed LISP site with two xTRs, two IPv4 RLOCs, and an IPv4 EID.
In this task, a LISP site uses two edge routers. Each edge router is configured as an xTR (each performs as
both an ITR and an ETR) and each also includes a single IPv4 connection to an upstream provider. (Two
different providers are used in this example but the same upstream provider could be used for both connections.)
Both of the RLOCs and the EID prefix are IPv4. The LISP site registers to two map resolver/map server
(MR/MS) devices in the network core. The topology used in this typical multihomed LISP configuration is
shown in the figure below.
Figure 4: Typical Multihomed LISP Site with Two xTRs and Two IPv4 RLOCs and an IPv4 EID
The components illustrated in the topology shown in the figure are described below:
• LISP site:
• Two CPE routers make up the LISP site: xTR-1 and xTR-2.
• Both CPE routers function as LISP xTRs (that is, an ITR and an ETR).
• The LISP site is authoritative for the IPv4 EID prefix of 172.16.1.0/24.
• Each LISP xTR has a single IPv4 RLOC connection to the core: the RLOC connection for xTR-1
to SP1 is 10.1.1.2/30; the RLOC connection for xTR-2 to SP2 is 10.2.1.2/30.
• For this multihomed case, the LISP site policy specifies equal load-sharing between service provider
(SP) links for ingress traffic engineering.
• Mapping system:
• Two map resolver/map server (MR/MS) systems are assumed to be available for the LISP xTR to
configure. The MR/MSs have IPv4 RLOCs 10.10.10.10 and 10.10.30.10.
• Mapping services are assumed to be provided as part of this LISP solution via a private mapping
system or as a public LISP mapping system. From the perspective of the configuration of these
LISP site xTRs, there is no difference.
Note Map server and map resolver configurations are not shown here. See the "Configure a
Private LISP Mapping System Using a Standalone Map Resolver/Map Server" section
for information about map server and map resolver configuration.
Perform the steps in this task (once through for each xTR in the LISP site) to enable and configure LISP ITR
and ETR (xTR) functionality when using a LISP map server and map resolver for mapping services. The
example configurations at the end of this task show the full configuration for configuring two xTRs (xTR1
and xTR2).
SUMMARY STEPS
1. configure terminal
2. router lisp
3. database-mapping EID-prefix/prefix-length locator priority priority weight weight
4. Repeat Step 3 to configure a second RLOC for the same xTR.
5. ipv4 itr
6. ipv4 etr
7. ipv4 itr map-resolver map-resolver-address
8. Repeat Step 7 to configure a second locator address for the map resolver.
9. ipv4 etr map-server map-server-address key key-type authentication-key
10. Repeat Step 9 to configure a second locator address for the map server.
11. exit
12. ip route ipv4-prefix next-hop
13. exit
DETAILED STEPS
Example:
Router# configure terminal
Example:
Router(config)# router lisp
Step 3 database-mapping Configures an EID-to-RLOC mapping relationship and its associated traffic
EID-prefix/prefix-length locator priority policy for this LISP site.
priority weight weight
• In this step example, a single EID prefix, 172.16.1.0/24, is being
associated with a LISP site that contains two separate xTRs. Each xTR
Example: has a single IPv4 RLOC connection to the core. In this example, xTR-1
Router(config-router-lisp)# has an IPv4 RLOC connection to SP1 at 10.1.1.2 but the weight
database-mapping 172.16.1.0/24 argument of 50 signifies that a second database-mapping command
10.1.1.2 priority 1 weight 50
is to be configured in the next step.
Example:
Router(config-router-lisp)# ipv4 itr
Step 6 ipv4 etr Enables LISP ETR functionality for the IPv4 address family.
Example:
Router(config-router-lisp)# ipv4 etr
Step 7 ipv4 itr map-resolver Configures a locator address for the LISP map resolver to which this router
map-resolver-address will send Map-Request messages for IPv4 EID-to-RLOC mapping resolutions.
• The locator address of the map resolver may be an IPv4 or IPv6 address.
Example: In this example, because each xTR has only IPv4 RLOC connectivity,
Router(config-router-lisp)# ipv4 itr the map resolver is reachable via its IPv4 locator address. (See the LISP
map-resolver 10.10.10.10 Command Reference for more details.)
Step 9 ipv4 etr map-server map-server-address Configures a locator address for the LISP map server and an authentication
key key-type authentication-key key that this router, acting as an IPv4 LISP ETR, will use to register with the
LISP mapping system.
Example: • In this example, each xTR must register to both map servers.
Router(config-router-lisp)# ipv4 etr
map-server 10.10.10.10 key 0 • The map server must be configured with EID prefixes matching those
some-key configured on this ETR and with an identical authentication key.
Note The locator address of the map server may be an IPv4 or IPv6
address. In this example, because each xTR has only IPv4 RLOC
connectivity, the map server is reachable via its IPv4 locator address.
(See the LISP Command Reference for more details.)
Note Up to two map servers may be configured if multiple map servers
are available. (See the LISP Command Reference for more details.)
Step 10 Repeat Step 9 to configure a second locator Configures a second locator address for the LISP map server and the
address for the map server. authentication key that this router will use to register with the LISP mapping
system.
Example:
Router(config-router-lisp)# ipv4 etr
map-server 10.10.30.10 key 0
some-key
Step 11 exit Exits LISP configuration mode and returns to global configuration mode.
Example:
Router(config-router-lisp)# exit
Step 12 ip route ipv4-prefix next-hop Configures a default route to the upstream next hop for all IPv4 destinations.
• All IPv4 EID-sourced packets destined to both LISP and non-LISP sites
Example: are forwarded in one of two ways:
Router(config)# ip route 0.0.0.0
0.0.0.0 10.1.1.1 • LISP-encapsulated to a LISP site when traffic is LISP-to-LISP
• natively forwarded when traffic is LISP-to-non-LISP
In this configuration example, because the xTR has IPv4 RLOC connectivity,
a default route to the upstream SP is used for all IPv4 packets to support LISP
processing.
Example:
Router(config)# exit
Example:
Figure 5: Typical Multihomed LISP Site with Two xTRs and Two IPv4 RLOCs and an IPv4 EID
The examples below show the complete configuration for the LISP topology illustrated in the figure above
and in this task:
Example configuration for xTR-1:
!
hostname xTR-1
!
no ip domain lookup
ip cef
!
interface Loopback0
ip address 172.17.1.1 255.255.255.255
!
interface LISP0
!
interface GigabitEthernet0/0/0
description Link to SP1 (RLOC)
ip address 10.1.1.2 255.255.255.252
!
interface GigabitEthernet1/0/0
description Link to Site (EID)
ip address 172.16.1.2 255.255.255.0
!
router lisp
database-mapping 172.16.1.0/24 10.1.1.2 priority 1 weight 50
database-mapping 172.16.1.0/24 10.2.1.2 priority 1 weight 50
ipv4 itr
ipv4 etr
ipv4 itr map-resolver 10.10.10.10
ipv4 itr map-resolver 10.10.30.10
ipv4 etr map-server 10.10.10.10 key 0 some-key
ipv4 etr map-server 10.10.30.10 key 0 some-key
exit
!
ip route 0.0.0.0 0.0.0.0 10.1.1.1
Example configuration for xTR-2:
!
hostname xTR-2
!
no ip domain lookup
ip cef
!
interface Loopback0
ip address 172.17.1.2 255.255.255.255
!
interface LISP0
!
interface GigabitEthernet0/0/0
description Link to SP2 (RLOC)
ip address 10.2.1.2 255.255.255.252
!
interface GigabitEthernet1/0/0
description Link to Site (EID)
ip address 172.16.1.3 255.255.255.0
!
router lisp
database-mapping 172.16.1.0/24 10.1.1.2 priority 1 weight 50
database-mapping 172.16.1.0/24 10.2.1.2 priority 1 weight 50
ipv4 itr
ipv4 etr
ipv4 itr map-resolver 10.10.10.10
ipv4 itr map-resolver 10.10.30.10
ipv4 etr map-server 10.10.10.10 key 0 some-key
ipv4 etr map-server 10.10.30.10 key 0 some-key
exit
!
ip route 0.0.0.0 0.0.0.0 10.2.1.1
Configure a Multihomed LISP Site with Two xTRs and Two IPv4 RLOCs and
Both an IPv4 and an IPv6 EID
Perform this task to configure a multihomed LISP site with two xTRs, two IPv4 RLOCs, and both an IPv4
and an IPv6 EID. In this task, a LISP site uses two edge routers. Each edge router is configured as an xTR
(each performs as both an ITR and an ETR) and each also includes a single IPv4 connection to an upstream
provider. (Two different providers are used in this example but the same upstream provider could be used for
both connections.) Both of the RLOCs and one of the EIDs are IPv4. However, in this example, the LISP site
includes an IPv6 EID, as well.
This LISP site requires the use of Proxy Ingress/Egress Tunnel Router (PxTR) LISP infrastructure for access
to non-LISP IPv6 addresses. That is, the LISP site uses only its IPv4 RLOCs to reach IPv6 LISP and non-LISP
addresses. Additionally, this LISP site registers to two map resolver/map server (MR/MS) devices in the
network core. The topology used in this multihomed LISP configuration is shown in the figure below.
Figure 6: Multihomed LISP Site with Two xTRs, Two IPv4 RLOCs, and Both an IPv4 and an IPv6 EID
The components illustrated in the topology shown in the figure are described below:
• LISP site:
• Two CPE routers make up the LISP site: xTR-1 and xTR-2.
• Both CPE routers function as LISP xTRs (that is, an ITR and an ETR).
• The LISP site is authoritative for both the IPv4 EID prefix of 172.16.1.0/24 and the IPv6 EID
prefix 2001:db8:a::/48.
• Each LISP xTR has a single RLOC connection to the core: the RLOC connection for xTR-1 to
SP1 is 10.1.1.2/30; the RLOC connection for xTR-2 to SP2 is 10.2.1.2/30.
• For this multihomed case, the LISP site policy specifies equal load-sharing between service provider
(SP) links for ingress traffic engineering.
• Mapping system:
• Two map resolver/map server (MR/MS) systems are assumed to be available for the LISP xTR to
configure. The MR/MSs have IPv4 RLOCs 10.10.10.10 and 10.10.30.10.
• Mapping services are assumed to be provided as part of this LISP solution via a private mapping
system or as a public LISP mapping system. From the perspective of the configuration of these
LISP site xTRs, there is no difference.
Note Map server and map resolver configurations are not shown here. See the "Configure a
Private LISP Mapping System Using a Standalone Map Resolver/Map Server" section
for information about map server and map resolver configuration.
• PxTR services are also assumed to be provided as part of this LISP solution via a private or public
mapping system. From the perspective of the configuration of these LISP site xTRs, there is no
difference.
• The PxTRs have IPv4 RLOCs of 10.10.10.11 and 10.10.30.11 and will be used (as PETRs) for
LISP IPv6 EIDs to reach non-LISP IPv6 sites. Return traffic is attracted by the PITR function
(with the assumption that the PITR advertises coarse aggregates for IPv6 LISP EIDs into the IPv6
core.)
Perform the steps in this task (once through for each xTR in the LISP site) to enable and configure LISP ITR
and ETR (xTR) functionality when using a LISP map server and map resolver for mapping services. The
example configurations at the end of this task show the full configuration for two xTRs (xTR1 and xTR2).
SUMMARY STEPS
1. configure terminal
2. router lisp
3. database-mapping EID-prefix/prefix-length locator priority priority weight weight
4. Repeat Step 3 to configure a second RLOC (10.2.1.2) for the same xTR and IPv4 EID prefix.
5. Repeat Step 3 and Step 4 to configure the same RLOC connections, again, for the same xTR but, when
repeating these two steps, associate the IPv6 EID prefix, 2001:db8:a::/48, instead of the IPv4 EID prefix.
6. ipv4 itr
7. ipv4 etr
8. ipv4 itr map-resolver map-resolver-address
9. Repeat Step 8 to configure a second locator address of the map resolver.
10. ipv4 etr map-server map-server-address key key-type authentication-key
11. Repeat Step 10 to configure a second locator address for the map server.
12. ipv6 itr
13. ipv6 etr
14. ipv6 itr map-resolver map-resolver-address
15. Repeat Step 14 to configure a second locator address for the map resolver.
16. ipv6 etr map-server map-server-address key key-type authentication-key
17. Repeat Step 16 to configure a second locator address for the map server.
18. ipv6 use-petr petr-address
19. Repeat Step 18 to configure a second locator address for the PETR.
20. exit
21. ip route ipv4-prefix next-hop
22. exit
DETAILED STEPS
Example:
Router# configure terminal
Example:
Router(config)# router lisp
Step 3 database-mapping EID-prefix/prefix-length Configures an EID-to-RLOC mapping relationship and its associated traffic
locator priority priority weight weight policy for this LISP site.
Example:
Router(config-router-lisp)# ipv4 itr
Step 7 ipv4 etr Enables LISP ETR functionality for the IPv4 address family.
Example:
Router(config-router-lisp)# ipv4 etr
Step 8 ipv4 itr map-resolver Configures a locator address for the LISP map resolver to which this router
map-resolver-address will send Map-Request messages for IPv4 EID-to-RLOC mapping
resolutions.
Example: • The locator address of the map resolver may be an IPv4 or IPv6 address.
Router(config-router-lisp)# ipv4 itr In this example, because each xTR has only IPv4 RLOC connectivity,
map-resolver 10.10.10.10 the map resolver is reachable via its IPv4 locator address. (See the LISP
Command Reference for more details.)
Step 10 ipv4 etr map-server map-server-address Configures a locator address for the LISP map server and an authentication
key key-type authentication-key key that this router, acting as an IPv4 LISP ETR, will use to register with
the LISP mapping system.
Example: • In this example, each xTR must register to both map servers.
Router(config-router-lisp)# ipv4 etr
map-server 10.10.10.10 key 0 • The map server must be configured with EID prefixes matching those
some-key configured on this ETR and with an identical authentication key.
Note The locator address of the map server may be an IPv4 or IPv6
address. In this example, because each xTR has only IPv4 RLOC
connectivity, the map server is reachable via its IPv4 locator address.
(See the LISP Command Reference for more details.)
Note Up to two map servers may be configured if multiple map servers
are available. (See the LISP Command Reference for more details.)
Step 11 Repeat Step 10 to configure a second locator Configures a second locator address for the LISP map server and the
address for the map server. authentication key that this router will use to register with the LISP mapping
system.
Example:
Router(config-router-lisp)# ipv4 etr
map-server 10.10.30.10 key 0
some-key
Step 12 ipv6 itr Enables LISP ITR functionality for the IPv6 address family.
Example:
Router(config-router-lisp)# ipv6 itr
Step 13 ipv6 etr Enables LISP ETR functionality for the IPv6 address family.
Example:
Router(config-router-lisp)# ipv6 etr
Step 16 ipv6 etr map-server map-server-address Configures a locator address for the LISP map server and an authentication
key key-type authentication-key key that this router, acting as an IPv6 LISP ETR, will use to register to the
LISP mapping system.
Example: • In this example, each xTR must register to both map servers.
Router(config-router-lisp)# ipv6 etr
map-server 10.10.10.10 key 0 • The map server must be configured with EID prefixes matching those
some-key configured on this ETR and with an identical authentication key.
Note The locator address of the map server may be an IPv4 or IPv6
address. In this example, because each xTR has only IPv4 RLOC
connectivity, the map server is reachable via its IPv4 locator address.
(See the LISP Command Reference for more details.)
Note Up to two map servers may be configured if multiple map servers
are available. (See the LISP Command Reference for more details.)
Step 17 Repeat Step 16 to configure a second locator Configures a second locator address for the LISP map server and an
address for the map server. authentication key that this router, acting as an IPv6 LISP ETR, will use to
register with the LISP mapping system.
Example:
Router(config-router-lisp)# ipv6 itr
map-server 10.10.30.10 key 0
some-key
Step 18 ipv6 use-petr petr-address Configures a locator address for the Proxy Egress Tunnel Router (PETR) to
which each xTR will forward LISP-encapsulated IPv6 EIDs (using the xTR's
Example: IPv4 RLOC) to reach non-LISP IPv6 addresses.
Router(config-router-lisp)# ipv6
use-petr 10.10.10.11
Step 20 exit Exits LISP configuration mode and returns to global configuration mode.
Example:
Router(config-router-lisp)# exit
Step 21 ip route ipv4-prefix next-hop Configures a default route to the upstream next hop for all IPv4 destinations.
• All IPv4 EID-sourced packets destined to both LISP and non-LISP
Example: sites are forwarded in one of two ways:
Router(config)# ip route 0.0.0.0
0.0.0.0 10.1.1.1 • LISP-encapsulated to a LISP site when traffic is LISP-to-LISP
• natively forwarded when traffic is LISP-to-non-LISP
In this configuration example, because the xTR has IPv4 RLOC connectivity,
a default route to the upstream SP is used for all IPv4 packets to support
LISP processing.
Example:
Router(config)# exit
Example:
Figure 7: Multihomed LISP Site with Two xTRs, Two IPv4 RLOCs, and Both an IPv4 and an IPv6 EID
The examples below show the complete configuration for the LISP topology illustrated in the figure above
and in this task:
Example configuration for xTR-1:
!
hostname xTR-1
!
no ip domain lookup
ip cef
ipv6 unicast-routing
ipv6 cef
!
interface Loopback0
ip address 172.17.1.1 255.255.255.255
!
interface LISP0
!
interface GigabitEthernet0/0/0
description Link to SP1 (RLOC)
ip address 10.1.1.2 255.255.255.252
!
interface GigabitEthernet1/0/0
description Link to Site (EID)
ip address 172.16.1.2 255.255.255.0
ipv6 address 2001:db8:a:1::2/64
!
router lisp
database-mapping 172.16.1.0/24 10.1.1.2 priority 1 weight 50
database-mapping 172.16.1.0/24 10.2.1.2 priority 1 weight 50
database-mapping 2001:db8:a::/48 10.1.1.2 priority 1 weight 50
database-mapping 2001:db8:a::/48 10.2.1.2 priority 1 weight 50
ipv4 itr
ipv4 etr
ipv4 itr map-resolver 10.10.10.10
ipv4 itr map-resolver 10.10.30.10
ipv4 etr map-server 10.10.10.10 key 0 some-key
ipv4 etr map-server 10.10.30.10 key 0 some-key
ipv6 itr
ipv6 etr
ipv6 itr map-resolver 10.10.10.10
ipv6 itr map-resolver 10.10.30.10
ipv6 etr map-server 10.10.10.10 key 0 some-key
ipv6 etr map-server 10.10.30.10 key 0 some-key
ipv6 use-petr 10.10.10.11
ipv6 use-petr 10.10.30.11
exit
!
ip route 0.0.0.0 0.0.0.0 10.1.1.1
!
ipv6 route ::/0
!
no ip domain lookup
ip cef
ipv6 unicast-routing
ipv6 cef
!
interface Loopback0
ip address 172.17.1.2 255.255.255.255
!
interface LISP0
!
interface GigabitEthernet0/0/0
description Link to SP2 (RLOC)
ip address 10.2.1.2 255.255.255.252
!
interface GigabitEthernet1/0/0
description Link to Site (EID)
ip address 172.16.1.3 255.255.255.0
ipv6 address 2001:db8:a:1::3/64
!
router lisp
database-mapping 172.16.1.0/24 10.1.1.2 priority 1 weight 50
database-mapping 172.16.1.0/24 10.2.1.2 priority 1 weight 50
database-mapping 2001:db8:a::/48 10.1.1.2 priority 1 weight 50
database-mapping 2001:db8:a::/48 10.2.1.2 priority 1 weight 50
ipv4 itr
ipv4 etr
ipv4 itr map-resolver 10.10.10.10
ipv4 itr map-resolver 10.10.30.10
ipv4 etr map-server 10.10.10.10 key 0 some-xtr-key
ipv4 etr map-server 10.10.30.10 key 0 some-xtr-key
ipv6 itr
ipv6 etr
ipv6 itr map-resolver 10.10.10.10
ipv6 itr map-resolver 10.10.30.10
ipv6 etr map-server 10.10.10.10 key 0 some-xtr-key
ipv6 etr map-server 10.10.30.10 key 0 some-xtr-key
ipv6 use-petr 10.10.10.11
ipv6 use-petr 10.10.30.11
exit
!
ip route 0.0.0.0 0.0.0.0 10.2.1.1
!
ipv6 route ::/0
Configure a Multihomed LISP Site with Two xTRs that Each have Both an IPv4
and an IPv6 RLOC and Both an IPv4 and an IPv6 EID
Perform this task to configure a multihomed LISP site with two xTRs, each with both an IPv4 and an IPv6
RLOC and both with an IPv4 and an IPv6 EID. In this task, a LISP site uses two edge routers. Each edge
router is configured as an xTR (each performs as both an ITR and an ETR) and each also includes a single,
dual stack (IPv4 and IPv6) connection to an upstream provider. (Two different providers are used in this
example but the same upstream provider could be used for both connections.) Each xTR has an IPv4 RLOC
and an IPv6 RLOC and both IPv4 and IPv6 EID prefixes are being used within the LISP site. However,
because the site has both IPv4 and IPv6 RLOCs, it does not require a Proxy Ingress/Egress Tunnel Router
(PxTR) LISP infrastructure for access to non-LISP IPv6 addresses. (The PxTR infrastructure can still be
configured as a resiliency mechanism if desired.)
The LISP site registers to two map resolver/map server (MR/MS) devices in the network core using both IPv4
and IPv6 locators. The topology used in this multihomed LISP configuration is shown in the figure below.
Figure 8: Multihomed LISP Site with Two xTRs, Each with an IPv4 and an IPv6 RLOC and each with an IPv4 and an IPv6
EID
The components illustrated in the topology shown in the figure are described below:
• LISP site:
• Two CPE routers make up the LISP site: xTR-1 and xTR-2.
• Both CPE routers function as LISP xTRs (that is, an ITR and an ETR).
• The LISP site is authoritative for both the IPv4 EID prefix of 172.16.1.0/24 and the IPv6 EID
prefix 2001:db8:a::/48.
• Each LISP xTR has a single IPv4 RLOC connection and a single IPv6 RLOC connection to the
core: the RLOC connections for xTR-1 to SP1 include an IPv4 RLOC, 10.1.1.2/30, and an IPv6
RLOC, 2001:db8:e000:1::2/64. The xTR-2 connections to SP2 include IPv4 RLOC 10.2.1.2/30
and IPv6 RLOC 2001:db8:f000:1::2/64.
• For this multihomed case, the LISP site policy specifies equal load-sharing between service provider
(SP) links for ingress traffic engineering.
• Mapping system:
• Two map resolver/map server systems are assumed to be available for the LISP xTR to configure.
The MR/MSs have IPv4 RLOCs 10.10.10.10 and 10.10.30.10 and IPv6 RLOCs 2001:db8:e000:2::1
and 2001:db8:f000:2::1.
• Mapping services are assumed to be provided as part of this LISP solution via a private mapping
system or as a public LISP mapping system. From the perspective of the configuration of these
LISP site xTRs, there is no difference.
Note Map resolver and map server configurations are not shown here. See the "Configure a
Private LISP Mapping System Using a Standalone Map Resolver/Map Server" section
for information about map resolver and map server configuration.
• PxTR services are not required in this example since both xTRs have dual-stack connectivity to
the core.
Perform the steps in this task (once through for each xTR in the LISP site) to enable and configure LISP ITR
and ETR (xTR) functionality when using a LISP map resolver and map server for mapping services. The
example configurations at the end of this task show the full configuration for two xTRs (xTR1 and xTR2).
SUMMARY STEPS
1. configure terminal
2. router lisp
3. database-mapping EID-prefix/prefix-length locator priority priority weight weight
4. Repeat Step 3 to configure a second IPv4 RLOC for the same xTR and IPv4 EID prefix.
5. Repeat Step 3 and Step 4 to configure the same RLOC connections, again, for the same xTR but, when
repeating these two steps, associate the IPv6 EID prefix, 2001:db8:a::/48, instead of the IPv4 EID prefix.
6. Repeat Step 3, Step 4, and Step 5 to configure the second set of IPv4 and IPv6 RLOC connections on the
same xTR for both the IPv4 and IPv6 EID prefixes.
7. ipv4 itr
8. ipv4 etr
9. ipv4 itr map-resolver map-resolver-address
10. Repeat Step 9 to configure a second locator address of the LISP map resolver.
11. Repeat Step 9 and Step 10 to configure the IPv6 locator addresses of the LISP two map resolvers.
12. ipv4 etr map-server map-server-address key key-type authentication-key
13. Repeat Step 12 to configure a second locator address of the map server.
14. Repeat Step 12 and Step 13 to configure the IPv6 locator addresses of the two map servers.
15. ipv6 itr
16. ipv6 etr
17. ipv6 itr map-resolver map-resolver-address
18. Repeat Step 17 to configure a second IPv6 locator address of the LISP map resolver.
19. Repeat Step 17 and Step18 to configure the IPv6 (instead of IPv4) locator addresses for the two map
resolvers to which this router will send Map-Request messages for IPv6 EID-to-RLOC mapping resolutions.
20. ipv6 etr map-server map-server-address key key-type authentication-key
21. Repeat Step 20 to configure a second locator address of the LISP map server.
22. Repeat Steps 20 and 21 to configure the IPv6 locator addresses of the two map servers for which this
router, acting as an IPv6 LISP ETR, will use to register to the LISP mapping system.
23. exit
24. ip route ipv4-prefix next-hop
25. exit
DETAILED STEPS
Example:
Router# configure terminal
Example:
Router(config)# router lisp
Step 3 database-mapping EID-prefix/prefix-length Configures an EID-to-RLOC mapping relationship and its associated
locator priority priority weight weight traffic policy for this LISP site.
• In this example, a single IPv4 EID prefix, 172.16.1.0/24, and a
Example: single IPv6 prefix, 2001:db8:a::/48, are being associated with a
Router(config-router-lisp)# LISP site that contains two separate xTRs that each have a single
database-mapping 172.16.1.0/24 10.1.1.2 IPv4 RLOC connection and a single IPv6 connection to the core.
priority 1 weight 50
In this first database-mapping step example, xTR-1 is configured
with an IPv4 RLOC connection to SP1 (10.1.1.2) and an IPv6
RLOC connection to SP1 (2001:db8:e000:1::2/64.) while xTR-2
has an IPv4 RLOC connection of10.2.1.2 to SP2 and an IPv6
RLOC connection of 2001:db8:f000:1::2/64 to SP2. The weight
argument of 50 signifies that a second database-mapping
command is to be configured in the next step.
Example:
Router(config-router-lisp)#
database-mapping 2001:db8:a::/48 10.1.1.2
priority 1 weight 50
Example:
Router(config-router-lisp)#
database-mapping 2001:db8:a::/48 10.2.1.2
priority 1 weight 50
Example:
Router(config-router-lisp)# ipv4 itr
Step 8 ipv4 etr Enables LISP ETR functionality for the IPv4 address family.
Example:
Router(config-router-lisp)# ipv4 etr
Step 9 ipv4 itr map-resolver map-resolver-address Configures a locator address for the LISP map resolver to which this
router will send Map-Request messages for IPv4 EID-to-RLOC
Example: mapping resolutions.
Router(config-router-lisp)# ipv4 itr • The locator address of the map resolver may be an IPv4 or IPv6
map-resolver 10.10.10.10 address. In this example, because each xTR has both IPv4 and
IPv6 RLOC connectivity, the map resolver is reachable via both
IPv4 and IPv6 locator addresses. (See the LISP Command
Reference for more details.)
Example:
ipv4 etr map-server 2001:db8:e000:2::1 key
0 some-xtr-key
Example:
ipv4 etr map-server 2001:db8:f000:2::1 key
0 some-xtr-key
Step 15 ipv6 itr Enables LISP ITR functionality for the IPv6 address family.
Example:
Router(config-router-lisp)# ipv6 itr
Step 16 ipv6 etr Enables LISP ETR functionality for the IPv6 address family.
Example:
Router(config-router-lisp)# ipv6 etr
Router(config-router-lisp)# ipv6 itr • The locator address of the map resolver may be an IPv4 or IPv6
map-resolver 10.10.10.10 address. In this example, because each xTR has both IPv4 and
IPv6 RLOC connectivity, the map resolver is reachable via both
IPv4 and IPv6 locator addresses. (See the LISP Command
Reference for more details.)
Example:
ipv6 itr map-resolver 2001:db8:e000:2::1
Example:
ipv6 itr map-resolver 2001:db8:f000:2::1
Step 20 ipv6 etr map-server map-server-address key Configures a locator address for the LISP map server and an
key-type authentication-key authentication key that this router, acting as an IPv6 LISP ETR, will
use to register to the LISP mapping system.
Example: • In this example, a second xTR can be registered to the same two
Router(config-router-lisp)# ipv6 etr map servers using the same authentication key.
map-server 10.10.10.10 key 0 some-key
• The map server must be configured with EID prefixes matching
those configured on this ETR and with an identical authentication
key.
Example:
ipv6 etr map-server 2001:db8:e000:2::1 key
0 some-xtr-key
Example:
ipv6 etr map-server 2001:db8:f000:2::1 key
0 some-xtr-key
Step 23 exit Exits LISP configuration mode and returns to global configuration
mode.
Example:
Router(config-router-lisp)# exit
Step 24 ip route ipv4-prefix next-hop Configures a default route to the upstream next hop for all IPv4
destinations.
Example: • All IPv4 EID-sourced packets destined to both LISP and
Router(config)# ip route 0.0.0.0 0.0.0.0 non-LISP sites are forwarded in one of two ways:
10.1.1.1
• LISP-encapsulated to a LISP site when traffic is
LISP-to-LISP
• natively forwarded when traffic is LISP-to-non-LISP
Example:
Router(config)# exit
Example:
Figure 9: Multihomed LISP Site with Two xTRs, Each with an IPv4 and an IPv6 RLOC and each with an IPv4 and an IPv6
EID
The examples below show the complete configuration for the LISP topology illustrated in the figure above
and in this task:
Example configuration for xTR-1:
!
hostname xTR-1
!
no ip domain lookup
ip cef
ipv6 unicast-routing
ipv6 cef
!
interface Loopback0
ip address 172.17.1.1 255.255.255.255
!
interface LISP0
!
interface GigabitEthernet0/0/0
description Link to SP1 (RLOC)
ip address 10.1.1.2 255.255.255.252
ipv6 address 2001:db8:e000:1::2/64
!
interface GigabitEthernet1/0/0
description Link to Site (EID)
ip address 172.16.1.2 255.255.255.0
ipv6 address 2001:db8:a:1::2/64
!
router lisp
database-mapping 172.16.1.0/24 10.1.1.2 priority 1 weight 50
database-mapping 172.16.1.0/24 10.2.1.2 priority 1 weight 50
database-mapping 2001:db8:a::/48 10.1.1.2 priority 1 weight 50
database-mapping 2001:db8:a::/48 10.2.1.2 priority 1 weight 50
database-mapping 172.16.1.0/24 2001:db8:e000:1::2 priority 1 weight 50
database-mapping 172.16.1.0/24 2001:db8:f000:1::2 priority 1 weight 50
database-mapping 2001:db8:a::/48 2001:db8:e000:1::2 priority 1 weight 50
database-mapping 2001:db8:a::/48 2001:db8:f000:1::2 priority 1 weight 50
ipv4 itr
ipv4 etr
ipv4 itr map-resolver 10.10.10.10
ipv4 itr map-resolver 10.10.30.10
ipv4 itr map-resolver 2001:db8:e000:2::1
ipv4 itr map-resolver 2001:db8:f000:2::1
ipv4 etr map-server 10.10.10.10 key 0 some-xtr-key
ipv4 etr map-server 10.10.30.10 key 0 some-xtr-key
ipv4 etr map-server 2001:db8:e000:2::1 key 0 some-xtr-key
ipv4 etr map-server 2001:db8:f000:2::1 key 0 some-xtr-key
ipv6 itr
ipv6 etr
ipv6 itr map-resolver 10.10.10.10
ipv6 itr map-resolver 10.10.30.10
ipv6 itr map-resolver 2001:db8:e000:2::1
ipv6 itr map-resolver 2001:db8:f000:2::1
ipv6 etr map-server 10.10.10.10 key 0 some-xtr-key
ipv6 etr map-server 10.10.30.10 key 0 some-xtr-key
ipv6 etr map-server 2001:db8:e000:2::1 key 0 some-xtr-key
ipv6 etr map-server 2001:db8:f000:2::1 key 0 some-xtr-key
exit
!
ip route 0.0.0.0 0.0.0.0 10.1.1.1
!
ipv6 route ::/0 2001:db8:e000:1::1
!
Example configuration for xTR-2:
!
hostname xTR-2
!
no ip domain lookup
ip cef
ipv6 unicast-routing
ipv6 cef
!
interface Loopback0
ip address 172.17.1.2 255.255.255.255
!
interface LISP0
!
interface GigabitEthernet0/0/0
description Link to SP2 (RLOC)
ip address 10.2.1.2 255.255.255.252
ipv6 address 2001:db8:f000:1::2/64
!
interface GigabitEthernet1/0/0
description Link to Site (EID)
ip address 172.16.1.3 255.255.255.0
ipv6 address 2001:db8:a:1::3/64
!
router lisp
database-mapping 172.16.1.0/24 10.1.1.2 priority 1 weight 50
database-mapping 172.16.1.0/24 10.2.1.2 priority 1 weight 50
database-mapping 2001:db8:a::/48 10.1.1.2 priority 1 weight 50
database-mapping 2001:db8:a::/48 10.2.1.2 priority 1 weight 50
database-mapping 172.16.1.0/24 2001:db8:e000:1::2 priority 1 weight 50
database-mapping 172.16.1.0/24 2001:db8:f000:1::2 priority 1 weight 50
database-mapping 2001:db8:a::/48 2001:db8:e000:1::2 priority 1 weight 50
database-mapping 2001:db8:a::/48 2001:db8:f000:1::2 priority 1 weight 50
ipv4 itr
ipv4 etr
ipv4 itr map-resolver 10.10.10.10
ipv4 itr map-resolver 10.10.30.10
ipv4 itr map-resolver 2001:db8:e000:2::1
ipv4 itr map-resolver 2001:db8:f000:2::1
ipv4 etr map-server 10.10.10.10 key 0 some-xtr-key
ipv4 etr map-server 10.10.30.10 key 0 some-xtr-key
ipv4 etr map-server 2001:db8:e000:2::1 key 0 some-xtr-key
ipv4 etr map-server 2001:db8:f000:2::1 key 0 some-xtr-key
ipv6 itr
ipv6 etr
ipv6 itr map-resolver 10.10.10.10
ipv6 itr map-resolver 10.10.30.10
ipv6 itr map-resolver 2001:db8:e000:2::1
ipv6 itr map-resolver 2001:db8:f000:2::1
ipv6 etr map-server 10.10.10.10 key 0 some-xtr-key
ipv6 etr map-server 10.10.30.10 key 0 some-xtr-key
ipv6 etr map-server 2001:db8:e000:2::1 key 0 some-xtr-key
ipv6 etr map-server 2001:db8:f000:2::1 key 0 some-xtr-key
exit
!
ip route 0.0.0.0 0.0.0.0 10.2.1.1
!
ipv6 route ::/0 2001:db8:f000:1::1
!
The map resolver/map server is configured with both IPv4 and IPv6 RLOC addresses. The topology used in
this most basic LISP MR/MS configuration is shown in the figure below.
Figure 10: Standalone LISP Map Resolver/Map Server with both IPv4 and IPv6 RLOCs
The components illustrated in the topology shown in the figure are described below, although the map resolver
is configured separately:
Mapping System
• The LISP device is configured to function as a standalone map resolver/map server (MR/MS).
• The xTRs in the LISP site are assumed to be registered to this map server. That is, the xTR registers the
IPv4 EID prefix of 172.16.1.0/24 and, when IPv6 EIDs are used, the xTR also registers the IPv6 EID
of prefix 2001:db8:a::/48.
• The MR/MS has an IPv4 locator of 10.10.10.10/24 and an IPv6 locator of 2001:db8:e000:2::1/64.
SUMMARY STEPS
1. configure terminal
2. vrf definition vrf-name
3. address-family ipv4 [unicast]
4. exit-address-family
5. address-family ipv6
6. exit-address-family
7. exit
8. router lisp
9. ipv4 alt-vrf vrf-name
10. ipv4 map-server
11. ipv4 map-resolver
12. ipv6 alt-vrf vrf-name
13. ipv6 map-server
14. ipv6 map-resolver
15. site site-name
16. eid-prefix EID-prefix
17. authentication-key [key-type] authentication-key
18. exit
19. Repeat Steps 15 through 18 to configure additional LISP sites.
20. exit
21. ip route ipv4-prefix next-hop
22. ipv6 route ipv6-prefix next-hop
23. exit
DETAILED STEPS
Example:
Router# configure terminal
Step 2 vrf definition vrf-name Creates a virtual routing and forwarding (VRF) table and enters VRF
configuration mode.
Example: • Use the vrf-name argument to specify a name to be assigned to
Router(config)# vrf definition lisp the VRF table. In this example, a VRF table named lisp is
created to hold EID prefixes.
Step 4 exit-address-family Exits VRF IPv4 address family configuration mode and returns to
VRF configuration mode.
Example:
Router(config-vrf-af)#
exit-address-family
Step 5 address-family ipv6 Enters VRF IPv6 address family configuration mode to specify an
IPv6 address family for a VRF table.
Example: • In this example, the VRF table named lisp handles IPv6 EID
Router(config-vrf)# address-family ipv6 prefixes.
Step 6 exit-address-family Exits VRF IPv6 address family configuration mode and returns to
VRF configuration mode.
Example:
Router(config-vrf-af)#
exit-address-family
Step 7 exit Exits VRF configuration mode and enters global configuration mode.
Example:
Router(config-vrf)# exit
Example:
Router(config)# router lisp
Step 9 ipv4 alt-vrf vrf-name Associates a VRF table with the LISP ALT for IPv4 EIDs.
• In this example, the VRF table named lisp (created in Step 2)
Example: is associated with the LISP ALT.
Router(config-router-lisp)# ipv4 alt-vrf
lisp
Step 10 ipv4 map-server Enables LISP map server functionality for EIDs in the IPv4 address
family.
Example:
Router(config-router-lisp)# ipv4
map-server
Step 12 ipv6 alt-vrf vrf-name Associates a VRF table with the LISP ALT for IPv6 EIDs.
• In this example, the VRF table named lisp (created in Step 2)
Example: is associated with the LISP ALT.
Router(config-router-lisp)# ipv6 alt-vrf
lisp
Step 13 ipv6 map-server Enables LISP map server functionality for EIDs in the IPv6 address
family.
Example:
Router(config-router-lisp)# ipv6
map-server
Step 14 ipv6 map-resolver Enables LISP map resolver functionality for EIDs in the IPv6 address
family.
Example:
Router(config-router-lisp)# ipv6
map-resolver
Step 15 site site-name Specifies a LISP site named Site-1 and enters LISP site configuration
mode.
Example: Note A LISP site name is locally significant to the map server on
Router(config-router-lisp)# site Site-1 which it is configured. It has no relevance anywhere else.
This name is used solely as an administrative means of
associating one or more EID prefixes with an authentication
key and other site-related mechanisms.
Step 16 eid-prefix EID-prefix Configures an IPv4 or IPv6 EID prefix associated with this LISP site.
• Repeat this step as necessary to configure additional EID
Example: prefixes under this LISP sites.
Router(config-router-lisp-site)#
eid-prefix 172.16.1.0/24 • In this step example, only an IPv4 EID prefix is configured but
to complete the configuration, an IPv6 EID prefix must also be
configured.
Step 23 exit Exits global configuration mode and returns to privileged EXEC
mode.
Example:
Router(config)# exit
Example:
Figure 11: Standalone LISP Map Resolver/Map Server with both IPv4 and IPv6 RLOCs
The example below shows the complete configuration for the LISP topology illustrated in the figure above
and in this task. However, this example is for a full configuration of a standalone LISP MR/MS and includes
some basic IPv4 and IPv6 configuration not covered in this task:
!
hostname MR-MS
!
vrf definition lisp
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
no ip domain lookup
ip cef
ipv6 unicast-routing
ipv6 cef
!
interface Loopback0
ip address 172.17.2.1 255.255.255.255
!
interface LISP0
!
interface GigabitEthernet0/0/0
description Link to SP1 (RLOC)
ip address 10.10.10.10 255.255.255.0
ipv6 address 2001:db8:e000:2::1/64
!
router lisp
site Site-1
authentication-key some-key
eid-prefix 172.16.1.0/24
eid-prefix 2001:db8:a::/48
exit
!
site Site-2
authentication-key another-key
eid-prefix 172.16.2.0/24
eid-prefix 2001:db8:b::/48
exit
!
!---more LISP site configs---
!
ipv4 map-server
ipv4 map-resolver
ipv4 alt-vrf lisp
ipv6 map-server
ipv6 map-resolver
ipv6 alt-vrf lisp
exit
!
ip route 0.0.0.0 0.0.0.0 10.10.10.1
!
ipv6 route ::/0 2001:db8:e000:2::fof
Note You must also configure an ALT-connected LISP map server (see the Configuring an ALT-Connected
LISP Map Server task).
In the figure below, the map resolver (MR) and map server (MS) are configured on separate devices and share
their EID prefix information via connectivity.
Figure 12: ALT-Connected LISP Map Resolver and Map Server, each having both an IPv4 and an IPv6 RLOC
The map resolver illustrated in the topology shown in the figure is described below; the map server and LISP
ALT are configured in separate tasks:
Mapping System
• Two LISP devices are configured, one as an MS and the other as an MR.
• The MS has an IPv4 locator of 10.10.10.13/24 and an IPv6 locator of 2001:db8:e000:2::3/64.
• The MR has an IPv4 locator of 10.10.10.10/24 and an IPv6 locator of 2001:db8:e000:2::1/64.
• Assume that the xTRs in the LISP site register to this map server. That is, the xTR registers the IPv4
EID-prefix of 172.16.1.0/24 and, when IPv6 EIDs are used, the xTR registers the IPv6 EID-prefix of
2001:db8:a::/48.
Note The configuration of the xTR must be changed to use the MS RLOC for its map server
configuration and the MR RLOC for its map resolver configuration. For example:
• ipv4 itr map-resolver 10.10.10.10
• ipv4 etr map-server 10.10.10.13 key 0 some-key
Other Infrastructure
• The MR has IPv4 and IPv6 tunnel endpoints in the VRF table (named lisp) of 192.168.1.1/30 and
2001:db8:ffff::1/64, respectively, and the MS has IPv4 and IPv6 tunnel endpoints of 192.168.1.2/30 and
2001:db8:ffff::2/64, respectively, in the same VRF table. This tunnel is used for the ALT.
SUMMARY STEPS
1. configure terminal
2. vrf definition vrf-name
3. rd route-distinguisher
4. address-family ipv4 [unicast]
5. exit-address-family
6. address-family ipv6
7. exit-address-family
8. exit
9. interface type number
10. vrf forwarding vrf-name
11. ip address ip-address mask
12. ipv6 address ipv6-address/mask
13. tunnel source interface-type interface-number
14. tunnel destination ipv4-address
15. exit
16. router lisp
17. ipv4 map-resolver
18. ipv4 alt-vrf vrf-name
19. ipv6 map-resolver
20. ipv6 alt-vrf vrf-name
21. exit
22. router bgp autonomous-system-number
23. address-family ipv4 [unicast | multicast | vrf vrf-name]
24. neighbor ip-address remote-as autonomous-system-number
25. neighbor ip-address activate
26. exit
27. address-family ipv6 vrf vrf-name
28. neighbor ip-address remote-as autonomous-system-number
29. neighbor ip-address activate
30. exit
31. exit
32. ip route ipv4-prefix next-hop
33. ipv6 route ipv6-prefix next-hop
34. exit
DETAILED STEPS
Example:
Router# configure terminal
Step 2 vrf definition vrf-name Creates a virtual routing and forwarding (VRF) table and enters
VRF configuration mode.
Example: • Use the vrf-name argument to specify a name to be assigned
Router(config)# vrf definition lisp to the VRF. In this example, a VRF named lisp is created
to hold EID prefixes.
Example:
Router(config-vrf)# rd 1:1
Step 4 address-family ipv4 [unicast] Enters VRF IPv4 address family configuration mode to specify
an IPv4 address family for a VRF table.
Example: • In this example, the VRF table named lisp handles IPv4
Router(config-vrf)# address-family ipv4 EID prefixes.
Step 5 exit-address-family Exits VRF IPv4 address family configuration mode and returns
to VRF configuration mode.
Example:
Router(config-vrf-af)# exit-address-family
Step 6 address-family ipv6 Enters VRF IPv6 address family configuration mode to specify
an IPv6 address family for a VRF table.
Example: • In this example, the VRF table named lisp handles IPv6
Router(config-vrf)# address-family ipv6 EID prefixes.
Step 7 exit-address-family Exits VRF IPv6 address family configuration mode and returns
to VRF configuration mode.
Example:
Router(config-vrf-af)# exit-address-family
Step 8 exit Exits VRF configuration mode and enters global configuration
mode.
Example:
Router(config-vrf)# exit
Step 10 vrf forwarding vrf-name Associates a VRF instance configured in Step 2 with the tunnel
interface configured in Step 9.
Example: • When the interface is bound to a VRF, previously
Router(config-if)# vrf forwarding lisp configured IP addresses are removed, and the interface is
disabled.
Step 11 ip address ip-address mask Configures an IPv4 address for the tunnel interface.
Example:
Router(config-if)# ip address 192.168.1.1
255.255.255.252
Step 12 ipv6 address ipv6-address/mask Configures an IPv6 address for the tunnel interface.
Example:
Router(config-if)# ipv6 address
2001:db8:ffff::1/64
Example:
Router(config-if)# tunnel source
GigabitEthernet 0/0/0
Step 14 tunnel destination ipv4-address Configures the tunnel destination IPv4 address for the tunnel
interface.
Example:
Router(config-if)# tunnel destination
10.10.10.13
Step 15 exit Exits interface configuration mode and enters global configuration
mode.
Example:
Router(config-if)# exit
Example:
Router(config)# router lisp
Step 18 ipv4 alt-vrf vrf-name Associates a VRF table with the LISP ALT for IPv4 EIDs.
• In this example, the VRF table named lisp (created in Step
Example: 2) is associated with the LISP ALT.
Router(config-router-lisp)# ipv4 alt-vrf
lisp
Step 19 ipv6 map-resolver Enables LISP map resolver functionality for EIDs in the IPv6
address family.
Example:
Router(config-router-lisp)# ipv6
map-resolver
Step 20 ipv6 alt-vrf vrf-name Associates a VRF table with the LISP ALT for IPv6 EIDs.
• In this example, the VRF table named lisp (created in Step
Example: 2) is associated with the LISP ALT.
Router(config-router-lisp)# ipv6 alt-vrf
lisp
Step 21 exit Exits LISP configuration mode and returns to global configuration
mode.
Example:
Router(config-router-lisp)# exit
Step 22 router bgp autonomous-system-number Enters router configuration mode for the specified routing
process.
Example:
Router(config)# router bgp 65010
Step 23 address-family ipv4 [unicast | multicast | vrf Specifies the IPv4 address family and enters IPv4 address family
vrf-name] configuration mode.
• The vrf keyword and vrf-name argument specify the name
Example: of the VRF instance to associate with subsequent
Router(config-router)# address-family ipv4 commands.
vrf lisp
• In this example, the VRF table named lisp (created in Step
2) is associated with the BGP IPv4 VRF that carries
EID-prefixes in the LISP ALT.
Step 25 neighbor ip-address activate Enables the neighbor to exchange prefixes for the IPv4 unicast
address family.
Example:
Router(config-router-af)# neighbor
192.168.1.2 activate
Step 26 exit Exits IPv4 address family configuration mode and returns to
router configuration mode.
Example:
Router(config-router-af)# exit
Step 27 address-family ipv6 vrf vrf-name Specifies the IPv6 address family and enters IPv6 address family
configuration mode.
Example: • The vrf keyword and vrf-name argument specify the name
Router(config-router)# address-family ipv6 of the VRF instance to associate with subsequent
vrf lisp commands.
• In this example, the VRF table named lisp (created in Step
2) is associated with the BGP IPv6 VRF that carries
EID-prefixes in the LISP ALT.
Step 28 neighbor ip-address remote-as Adds the IPv6 address of the neighbor in the specified
autonomous-system-number autonomous system to the IPv6 multiprotocol BGP neighbor
table of the local router.
Example:
Router(config-router-af)# neighbor
2001:db8:ffff::2 remote-as 65011
Step 29 neighbor ip-address activate Enables the neighbor to exchange prefixes for the IPv6 unicast
address family.
Example:
Router(config-router-af)# neighbor
2001:db8:ffff::2 activate
Step 30 exit Exits address family configuration mode and returns to router
configuration mode.
Example:
Router(config-router-af)# exit
Step 34 exit Exits global configuration mode and returns to privileged EXEC
mode.
Example:
Router(config)# exit
Examples
Figure 13: ALT-Connected LISP Map Resolver and Map Server, each having both an IPv4 and an IPv6 RLOC
The example below shows the full configuration for a LISP map resolver including some basic IP and IPv6
configuration not included in the task table for this task:
!
vrf definition lisp
rd 1:1
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
no ip domain lookup
ip cef
ipv6 unicast-routing
ipv6 cef
!
interface Loopback0
no ip address
!
interface Tunnel192
vrf forwarding lisp
ip address 192.168.1.1 255.255.255.252
ipv6 address 2001:db8:ffff::1/64
tunnel source GigabitEthernet 0/0/0
tunnel destination 10.10.10.13
!
interface GigabitEthernet 0/0/0
description Link to SP1 (RLOC)
ip address 10.10.10.10 255.255.255.0
ipv6 address 2001:db8:e000:2::1/64
!
router lisp
ipv4 map-resolver
ipv4 alt-vrf lisp
ipv6 map-resolver
ipv6 alt-vrf lisp
exit
!
router bgp 65010
bgp asnotation dot
bgp log-neighbor-changes
!
address-family ipv4 vrf lisp
neighbor 192.168.1.2 remote-as 65011
neighbor 192.168.1.2 activate
exit-address-family
!
address-family ipv6 vrf lisp
neighbor 2001:db8:ffff::2 remote-as 65011
neighbor 2001:db8:ffff::2 activate
exit-address-family
!
ip route 0.0.0.0 0.0.0.0 10.10.10.1
!
ipv6 route ::/0 2001:db8:e000:2::f0f
!
Note You must also configure an ALT-connected LISP map resolver (see the Configuring an ALT-Connected
LISP Map Resolver task).
In the figure below, the map resolver (MR) and map server (MS) are configured on separate devices and share
their EID prefix information via connectivity.
Figure 14: ALT-Connected LISP Map Resolver and Map Server, each having both an IPv4 and an IPv6 RLOC
The map server illustrated in the topology shown in the figure is described below; the map resolver and LISP
ALT are configured in separate tasks:
Mapping System
• Two LISP devices are configured, one as an MS and the other as an MR.
• The MS has an IPv4 locator of 10.10.10.13/24 and an IPv6 locator of 2001:db8:e000:2::3/64.
• The MR has an IPv4 locator of 10.10.10.10/24 and an IPv6 locator of 2001:db8:e000:2::1/64.
• Assume that the xTRs in the LISP site register to this map server. That is, the xTR registers the IPv4
EID-prefix of 172.16.1.0/24 and, when IPv6 EIDs are used, the xTR registers the IPv6 EID-prefix of
2001:db8:a::/48.
Note The configuration of the xTR must be changed to use the MS RLOC for its map server
configuration and the MR RLOC for its map resolver configuration. For example:
• ipv4 itr map-resolver 10.10.10.10
• ipv4 etr map-server 10.10.10.13 key 0 some-key
Other Infrastructure
• The MR has IPv4 and IPv6 tunnel endpoints in the VRF table (named lisp) of 192.168.1.1/30 and
2001:db8:ffff::1/64, respectively, and the MS has IPv4 and IPv6 tunnel endpoints of 192.168.1.2/30 and
2001:db8:ffff::2/64, respectively, in the same VRF table. This tunnel is used for the ALT.
SUMMARY STEPS
1. configure terminal
2. vrf definition vrf-name
3. rd route-distinguisher
4. address-family ipv4 [unicast]
5. exit-address-family
6. address-family ipv6
7. exit-address-family
8. exit
9. interface type number
10. vrf forwarding vrf-name
11. ip address ip-address mask
12. ipv6 address ipv6-address/mask
13. tunnel source interface-type interface-number
14. tunnel destination ipv4-address
15. exit
16. router lisp
17. ipv4 map-server
18. ipv4 alt-vrf vrf-name
19. ipv6 map-server
20. ipv6 alt-vrf vrf-name
21. site site-name
22. eid-prefix EID-prefix
23. authentication-key key-type authentication-key
24. exit
25. Repeat Steps 21 through 24 to configure additional LISP sites.
26. exit
27. router bgp autonomous-system-number
28. address-family ipv4 [unicast | multicast | vrf vrf-name]
29. redistribute lisp
30. neighbor ip-address remote-as autonomous-system-number
31. neighbor ip-address activate
32. exit
33. address-family ipv6 vrf vrf-name
34. redistribute lisp
35. neighbor ip-address remote-as autonomous-system-number
36. neighbor ip-address activate
37. exit
38. exit
39. ip route ipv4-prefix next-hop
DETAILED STEPS
Example:
Router# configure terminal
Step 2 vrf definition vrf-name Creates a virtual routing and forwarding (VRF) table and enters
VRF configuration mode.
Example: • Use the vrf-name argument to specify a name to be assigned
Router(config)# vrf definition lisp to the VRF. In this example, a VRF named lisp is created to
hold EID prefixes.
Example:
Router(config-vrf)# rd 1:1
Step 4 address-family ipv4 [unicast] Enters VRF IPv4 address family configuration mode to specify an
IPv4 address family for a VRF table.
Example: • In this example, the VRF table named lisp handles IPv4 EID
Router(config-vrf)# address-family ipv4 prefixes.
Step 5 exit-address-family Exits VRF IPv4 address family configuration mode and returns to
VRF configuration mode.
Example:
Router(config-vrf-af)# exit-address-family
Step 6 address-family ipv6 Enters VRF IPv6 address family configuration mode to specify an
IPv6 address family for a VRF table.
Example: • In this example, the VRF table named lisp handles IPv6 EID
Router(config-vrf)# address-family ipv6 prefixes.
Step 7 exit-address-family Exits VRF IPv6 address family configuration mode and returns to
VRF configuration mode.
Example:
Router(config-vrf-af)# exit-address-family
Step 9 interface type number Specifies the interface type of tunnel and the interface number and
enters interface configuration mode.
Example:
Router(config)# interface tunnel 191
Step 10 vrf forwarding vrf-name Associates a VRF instance configured in Step 2 with the tunnel
interface configured in Step 9.
Example: • When the interface is bound to a VRF, previously configured
Router(config-if)# vrf forwarding lisp IP addresses are removed, and the interface is disabled.
Step 11 ip address ip-address mask Configures an IPv4 address for the tunnel interface.
Example:
Router(config-if)# ip address 192.168.1.6
255.255.255.252
Step 12 ipv6 address ipv6-address/mask Configures an IPv6 address for the tunnel interface.
Example:
Router(config-if)# ipv6 address
2001:DB8:ffff::6/64
Example:
Router(config-if)# tunnel source
GigabitEthernet 0/0/0
Step 14 tunnel destination ipv4-address Configures the tunnel destination IPv4 address for the tunnel
interface.
Example:
Router(config-if)# tunnel destination
10.10.10.13
Step 15 exit Exits interface configuration mode and enters global configuration
mode.
Example:
Router(config-if)# exit
Example:
Router(config)# router lisp
Step 17 ipv4 map-server Enables LISP map server functionality for EIDs in the IPv4 address
family.
Example:
Router(config-router-lisp)# ipv4
map-server
Step 18 ipv4 alt-vrf vrf-name Associates a VRF table with the LISP ALT for IPv4 EIDs.
• In this example, the VRF table named lisp (created in Step
Example: 2) is associated with the LISP ALT.
Router(config-router-lisp)# ipv4 alt-vrf
lisp
Step 19 ipv6 map-server Enables LISP map server functionality for EIDs in the IPv6 address
family.
Example:
Router(config-router-lisp)# ipv6
map-server
Step 20 ipv6 alt-vrf vrf-name Associates a VRF table with the LISP ALT for IPv6 EIDs.
• In this example, the VRF table named lisp (created in Step
Example: 2) is associated with the LISP ALT.
Router(config-router-lisp)# ipv6 alt-vrf
lisp
Step 21 site site-name Specifies a LISP site and enters LISP site configuration mode.
Note A LISP site name is locally significant to the map server
Example: on which it is configured. It has no relevance anywhere
Router(config-router-lisp)# site Site-1 else. This name is used solely as an administrative means
of associating one or more EID prefixes with an
authentication key and other site-related mechanisms.
Step 22 eid-prefix EID-prefix Configures an IPv4 or IPv6 EID prefix associated with this LISP
site.
Example: • Repeat this step as necessary to configure additional EID
Router(config-router-lisp-site)# prefixes under this LISP sites.
eid-prefix 172.16.1.0/24
• In this step example, only an IPv4 EID prefix is configured
but to complete the configuration, an IPv6 EID prefix must
also be configured.
Step 27 router bgp autonomous-system-number Enters router configuration mode for the specified routing process.
Example:
Router(config)# router bgp 65011
Step 28 address-family ipv4 [unicast | multicast | vrf Specifies the IPv4 address family and enters IPv4 address family
vrf-name] configuration mode.
• The vrf keyword and vrf-name argument specify the name
Example: of the VRF instance to associate with subsequent commands.
Router(config-router)# address-family ipv4
vrf lisp • In this example, the VRF table named lisp (created in Step
2) is associated with the BGP IPv4 VRF that carries EID
prefixes in the LISP ALT.
Step 29 redistribute lisp Redistributes EID prefixes known to LISP into BGP.
Example:
Router(config-router-af)# redistribute
lisp
Step 31 neighbor ip-address activate Enables the neighbor to exchange prefixes for the IPv4 unicast
address family.
Example:
Router(config-router-af)# neighbor
192.168.1.1 activate
Step 32 exit Exits address family configuration mode and returns to router
configuration mode.
Example:
Router(config-router-af)# exit
Step 33 address-family ipv6 vrf vrf-name Specifies the IPv6 address family and enters IPv6 address family
configuration mode.
Example: • The vrf keyword and vrf-name argument specify the name
Router(config-router)# address-family ipv6 of the VRF instance to associate with subsequent commands.
vrf lisp
• In this example, the VRF table named lisp (created in Step
2) is associated with the BGP IPv6 VRF that carries EID
prefixes in the LISP ALT.
Step 34 redistribute lisp Redistributes EID prefixes known to LISP into BGP.
Example:
Router(config-router-af)# redistribute
lisp
Step 35 neighbor ip-address remote-as Adds the IPv6 address of the neighbor in the specified autonomous
autonomous-system-number system to the IPv6 multiprotocol BGP neighbor table of the local
router.
Example:
Router(config-router-af)# neighbor
2001:db8:ffff::1 remote-as 65010
Step 36 neighbor ip-address activate Enables the neighbor to exchange prefixes for the IPv6 unicast
address family.
Example:
Router(config-router-af)# neighbor
2001:db8:ffff::1 activate
Step 38 exit Exits router configuration mode and returns to global configuration
mode.
Example:
Router(config-router)# exit
Step 41 exit Exits global configuration mode and returns to privileged EXEC
mode.
Example:
Router(config)# exit
Example:
Figure 15: ALT-Connected LISP Map Resolver and Map Server, each having both an IPv4 and an IPv6 RLOC
The example below shows the full configuration for a LISP map server including some basic IP and IPv6
configuration not included in the task table for this task:
!
hostname MS
!
vrf definition lisp
rd 1:1
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
no ip domain lookup
ip cef
ipv6 unicast-routing
ipv6 cef
!
interface Loopback0
no ip address
!
interface Tunnel192
vrf forwarding lisp
ip address 192.168.1.2 255.255.255.252
ipv6 address 2001:db8:ffff::2/64
tunnel source GigabitEthernet 0/0/0
tunnel destination 10.10.10.10
!
interface GigabitEthernet 0/0/0
description Link to SP1 (RLOC)
ip address 10.10.10.13 255.255.255.0
ipv6 address 2001:db8:e000:2::3/64
!
router lisp
site Site-1
authentication-key 0 some-xtr-key
eid-prefix 172.16.1.0/24
eid-prefix 2001:db8:a::/48
exit
!
site Site-2
authentication-key 0 another-xtr-key
eid-prefix 172.16.2.0/24
eid-prefix 2001:db8:b::/48
exit
!
!---configure more LISP sites as required---
!
ipv4 map-server
ipv4 alt-vrf lisp
ipv6 map-server
ipv6 alt-vrf lisp
exit
!
router bgp 65011
bgp asnotation dot
bgp log-neighbor-changes
!
address-family ipv4 vrf lisp
redistribute lisp
neighbor 192.168.1.1 remote-as 65010
neighbor 192.168.1.1 activate
exit-address-family
!
address-family ipv6 vrf lisp
redistribute lisp
neighbor 2001:db8:ffff::1 remote-as 65010
neighbor 2001:db8:ffff::1 activate
exit-address-family
!
ip route 0.0.0.0 0.0.0.0 10.10.10.1
!
ipv6 route ::/0 2001:db8:e000:2::f0f
Deploying a Proxy Egress Tunnel Router with both an IPv4 and an IPv6 RLOC
Perform this task to deploy a Proxy Egress Tunnel Router (PETR) for both IPv4 and IPv6 address families.
You can also perform this task to configure PETR functionality on a single device that acts simultaneously
as a PETR and as a Proxy Ingress Tunnel Router (PITR), referred to as a PxTR.
A PETR simply takes in LISP encapsulated packets and decapsulates them and forwards them. For example,
a PETR can be used to provide IPv6 LISP EIDs access to non-LISP EIDs when the LISP site only has IPv4
RLOC connectivity. A PETR, therefore, is used for LISP-to-non-LISP access in situations where cross-address
family connectivity is an issue. (A PETR can still be used for matching EID and RLOC address families if
desired.) Note that a PITR is required to provide return-traffic flow. A PETR is simple to deploy because it
need only provide dual-stack connectivity to the core.
The topology used in this PETR example is shown in the figure. The PETR and PITR in this example are
deployed as separate devices and each have both an IPv4 and an IPv6 locator.
Figure 16: Proxy Egress Tunnel Router with both an IPv4 and an IPv6 RLOC
The components illustrated in the topology shown in the figure are described below:
PETR
• When deployed as a standalone LISP device, the PETR has dual-stack connectivity to the core network.
• The PETR IPv4 locator is 10.10.10.14/24 and the IPv6 locator is 2001:db8:e000:2::4/64.
SUMMARY STEPS
1. enable
2. configure terminal
3. router lisp
4. ipv4 proxy-etr
5. ipv6 proxy-etr
6. exit
7. ip route ipv4-prefix next-hop
8. ipv6 route ipv6-prefix next-hop
9. exit
DETAILED STEPS
Example:
Router# configure terminal
Example:
Router(config)# router lisp
Example:
Router(config-router-lisp)# ipv4 proxy-etr
Example:
Router(config-router-lisp)# ipv6 proxy-etr
Example:
Figure 17: Proxy Egress Tunnel Router with both an IPv4 and an IPv6 RLOC
The example below shows the full configuration for a PETR including some basic IP and IPv6 configuration
not included in the task table for this task:
!
hostname PETR
!
no ip domain lookup
ip cef
ipv6 unicast-routing
ipv6 cef
!
interface Loopback0
no ip address
!
interface GigabitEthernet 0/0/0
description Link to Core (RLOC)
ip address 10.10.10.14 255.255.255.0
ipv6 address 2001:db8:e000:2::4/64
!
router lisp
ipv4 proxy-etr
ipv6 proxy-etr
exit
!
ip route 0.0.0.0 0.0.0.0 10.10.10.1
!
ipv6 route ::/0 2001:db8:e000:2::f0f
Deploying a Proxy Ingress Tunnel Router with both an IPv4 and an IPv6 RLOC
Perform this task to deploy a Proxy Ingress Tunnel Router (PITR) for both IPv4 and IPv6 address families.
You can also perform this task to configure PITR functionality on a single device that acts simultaneously as
a PITR and as a Proxy Egress Tunnel Router (PETR), referred to as a PxTR.
A PITR attracts non-LISP packets by advertising a coarse-aggregate prefix for LISP EIDs into the core (such
as the Internet or a Multiprotocol Label Switching (MPLS) core) and then performs LISP encapsulation
services (like an ITR) to provide access to LISP EIDs. Thus, a PITR provides non-LISP-to-LISP interworking.
A PITR is also used to provide address family “hop-over ? for non-LISP-to-LISP traffic. For example, a
dual-stacked PxTR can be used to provide a return-traffic path from non-LISP IPv6 sites to IPv6 LISP sites
that contain only IPv4 RLOCs.
To resolve EID-to-RLOC mappings for creating non-LISP-to-LISP flows, configure PITR to query the LISP
mapping system. In this task, the PITR is configured to send Map-Rrequest messages via the LISP alternate
logical topology (ALT) to resolve EID-to-RLOC mappings.
Note To attract non-LISP traffic destined to LISP sites, the PITR must advertise coarse-aggregate EID prefixes
into the underlying network infrastructure. In an Internet-as-the-core example, attracting non-LISP traffice
destined to LISP sites is typically managed via external BGP (eBGP) and by advertising the coarse-aggregate
that includes all appropriate EID prefixes into the Internet. The example configuration in the figure utilizes
this approach. Because this is a standard BGP configuration, summary and detailed command guidance
is not provided in the task table for this task, although the complete configuration example that follows
the task table does include an accurate example of this eBGP peering. Any other approach that advertises
coarse-aggregates that include all appropriate EID prefixes into the core are also acceptable.
The topology used in this example is shown in the figure. The PITR is deployed as a separate device, with
both an IPv4 and an IPv6 locator. A map resolver and core-peering router are also shown in the figure for
reference because they are required components for completing the PITR configuration shown in the figure.
Figure 18: Proxy Ingress Tunnel Router with both an IPv4 and an IPv6 RLOC
The components illustrated in the topology shown in the figure are described below:
PITR
• When deployed as a standalone LISP device, the PITR has dual-stack connectivity to the core network.
• The PITR IPv4 locator is 10.10.10.11/24 and the IPv6 locator is 2001:db8:e000:2::2/64.
• The use of LISP EID prefixes throughout this task (172.16.1.0/24 and 2001:db8:a::/48 configuration)
is assumed and are part of LISP EID blocks that can be summarized in coarse-aggregates and advertised
by the PITR into the core network. The advertisement of the IPv4 coarse-aggregate of 172.16.0.0/16
and the IPv6 coarse-aggregate of 2001:db8::/33 by the PITR into the IPv4 and IPv6 core networks is
also assumed.
• The PITR eBGP peers with the core router with locators 10.10.11.1 and 2001:db8:e000:3::1 in order to
advertise the coarse-aggregate IPv4 EID prefix of 172.16.0.0/16 and the IPv6 EID prefix of 2001:db8::/33
into the IPv4 and IPv6 cores, respectively.
• The PITR is configured to use the LISP ALT (GRE+BGP) via the map server with locators 10.10.10.13
and 2001:db8:e000:2::3. The relevant configuration is shown for the PITR.
Other Infrastructure
• The MS has IPv4 and IPv6 tunnel endpoints in the VRF table (named lisp) of 192.168.5/30 and
2001:db8:ffff::5/64, respectively. The configuration of the map server is not in the task table.
• The core router has an IPv4 address of 10.10.11.1 and an IPv6 address of 2001:db8:e000:3::1. These
addresses will be used for eBGP peering. The core router configuration is assumed to be familiar as a
typical ISP peering router and is therefore not included in the task table.
SUMMARY STEPS
1. configure terminal
2. vrf definition vrf-name
3. rd route-distinguisher
4. address-family ipv4 [unicast]
5. exit-address-family
6. address-family ipv6
7. exit-address-family
8. exit
9. interface type number
10. vrf forwarding vrf-name
11. ip address ip-address mask
12. ipv6 address ipv6-address/mask
13. tunnel source interface-type interface-number
14. tunnel destination ipv4-address
15. exit
16. router lisp
17. ipv4 alt-vrf vrf-name
18. ipv4 proxy-itr ipv4-locator [ipv6-locator]
19. ipv4 map-cache-limit map-cache-limit
20. ipv6 alt-vrf vrf-name
21. ipv6 proxy-itr ipv6-locator [ipv4-locator]
22. ipv6 map-cache-limit map-cache-limit
23. exit
24. router bgp autonomous-system-number
25. address-family ipv4 [unicast | multicast | vrf vrf-name]
26. neighbor ip-address remote-as autonomous-system-number
27. neighbor ip-address activate
28. exit
29. address-family ipv6 [unicast | multicast | vrf vrf-name]
30. neighbor ip-address remote-as autonomous-system-number
31. neighbor ip-address activate
32. exit
33. exit
34. ip route ipv4-prefix next-hop
35. ip route ipv4-prefix next-hop
36. ipv6 route ipv6-prefix next-hop
37. ipv6 route ipv6-prefix next-hop
38. exit
DETAILED STEPS
Example:
Router# configure terminal
Step 2 vrf definition vrf-name Configures a virtual routing and forwarding (VRF) table and enters
VRF configuration mode.
Example: • Use the vrf-name argument to specify a name to be assigned
Router(config)# vrf definition lisp to the VRF. In this example, a VRF named lisp is created to
hold EID prefixes.
Example:
Router(config-vrf)# rd 1:1
Step 4 address-family ipv4 [unicast] Enters VRF IPv4 address family configuration mode to specify an
IPv4 address family for a VRF table.
Example: • In this example, the VRF named lisp handles IPv4 EID
Router(config-vrf)# address-family ipv4 prefixes.
Step 5 exit-address-family Exits VRF address family configuration mode and returns to VRF
configuration mode.
Example:
Router(config-vrf-af)#
exit-address-family
Step 6 address-family ipv6 Enters VRF IPv6 address family configuration mode to specify an
IPv6 address family for a VRF table.
Example: • In this example, the VRF table named lisp handles IPv6 EID
Router(config-vrf)# address-family ipv6 prefixes.
Step 7 exit-address-family Exits VRF address family configuration mode and returns to VRF
configuration mode.
Example:
Router(config-vrf-af)#
exit-address-family
Step 8 exit Exits VRF configuration mode and enters global configuration mode.
Example:
Router(config-vrf)# exit
Step 10 vrf forwarding vrf-name Associates a VRF instance configured in Step 2 with the tunnel
interface configured in Step 9.
Example: • When the interface is bound to a VRF, previously configured
Router(config-if)# vrf forwarding lisp IP addresses are removed, and the interface is disabled.
Step 11 ip address ip-address mask Configures an IPv4 address for the tunnel interface.
Example:
Router(config-if)# ip address 192.168.1.6
255.255.255.252
Step 12 ipv6 address ipv6-address/mask Configures an IPv6 address for the tunnel interface.
Example:
Router(config-if)# ipv6 address
2001:DB8:ffff::6/64
Example:
Router(config-if)# tunnel source
GigabitEthernet 0/0/0
Step 14 tunnel destination ipv4-address Configures the tunnel destination IPv4 address for the tunnel
interface.
Example:
Router(config-if)# tunnel destination
10.10.10.13
Step 15 exit Exits interface configuration mode and enters global configuration
mode.
Example:
Router(config-if)# exit
Example:
Router(config)# router lisp
Step 17 ipv4 alt-vrf vrf-name Associates a VRF table with the LISP ALT for IPv4 EIDs.
Step 18 ipv4 proxy-itr ipv4-locator [ipv6-locator] Enables Proxy Ingress Tunnel Router (PITR) functionality for IPv4
EIDs, and specifies the IPv4 and (optionally) the IPv6 RLOCs (local
Example: to the PITR) to use when LISP-encapsulating packets to LISP sites.
Router(config-router-lisp)# ipv4
proxy-itr 10.10.10.11 2001:db8:e000:2::2
Step 19 ipv4 map-cache-limit map-cache-limit Specifies the maximum number of IPv4 map-cache entries to be
maintained by the PITR.
Example: • When the map-cache reaches this limit, existing entries are
Router(config-router-lisp)# ipv4 removed according to the rules described in the command
map-cache-limit 100000 reference guide. (See the LISP Command Reference for more
details.)
• The default map-cache-limit is 10000. In this example, since
the device is being configured as a PITR, a larger map-cache
limit is configured.
Step 20 ipv6 alt-vrf vrf-name Associates a VRF table with the LISP ALT for IPv6 EIDs.
• In this example, the VRF table named lisp (created in Step 2)
Example: is associated with the LISP ALT.
Router(config-router-lisp)# ipv6 alt-vrf
lisp
Step 21 ipv6 proxy-itr ipv6-locator [ipv4-locator] Enables Proxy Ingress Tunnel Router (PITR) functionality for IPv6
EIDs, and specifies the IPv6 and (optionally) the IPv4 RLOCs (local
Example: to the PITR) to use when LISP-encapsulating packets to LISP sites.
Router(config-router-lisp)# ipv6
proxy-itr 2001:db8:e000:2::2 10.10.10.11
Step 22 ipv6 map-cache-limit map-cache-limit Specifies the maximum number of IPv6 map-cache entries to be
maintained by the PITR.
Example: • When the map-cache reaches this limit, existing entries are
Router(config-router-lisp)# ipv6 removed according to the rules described in the command
map-cache-limit 100000 reference guide. (See the LISP Command Reference for more
details.)
Step 24 router bgp autonomous-system-number Enters router configuration mode for the specified routing process.
Example:
Router(config)# router bgp 65015
Step 25 address-family ipv4 [unicast | multicast | vrf Specifies the IPv4 address family and enters IPv4 address family
vrf-name] configuration mode.
• The vrf keyword and vrf-name argument specify the name of
Example: the VRF instance to associate with subsequent commands.
Router(config-router)# address-family
ipv4 vrf lisp • In this example, the VRF table named lisp (created in Step 2)
is associated with the BGP IPv4 VRF that carries EID prefixes
in the LISP ALT.
Step 26 neighbor ip-address remote-as Adds the IP address of the neighbor in the specified autonomous
autonomous-system-number system to the IPv4 multiprotocol BGP neighbor table of the local
router.
Example:
Router(config-router-af)# neighbor
192.168.1.5 remote-as 65011
Step 27 neighbor ip-address activate Enables the neighbor to exchange prefixes for the IPv4 unicast
address family.
Example:
Router(config-router-af)# neighbor
192.168.1.5 activate
Example:
Router(config-router-af)# exit
Step 29 address-family ipv6 [unicast | multicast | vrf Specifies the IPv6 address family and enters IPv6 address family
vrf-name] configuration mode.
• The vrf keyword and vrf-name argument specify the name of
Example: the VRF instance to associate with subsequent commands.
Router(config-router-af)# address-family
ipv6 vrf lisp • In this example, the VRF table named lisp (created in Step 2)
is associated with the BGP IPv6 VRF that carries EID prefixes
in the LISP ALT.
Step 31 neighbor ip-address activate Enables the neighbor to exchange prefixes for the IPv6 unicast
address family.
Example:
Router(config-router-af)# neighbor
2001:db8:ffff::5 activate
Example:
Router(config-router-af)# exit
Example:
Router(config-router)# exit
Example:
Router(config)# exit
Example:
Figure 19: Proxy Ingress Tunnel Router with both an IPv4 and an IPv6 RLOC
The example below shows the full configuration for a PITR includes some basic IP, BGP, and route map
configuration not included in the task table for this task:
!
hostname PITR
!
no ip domain lookup
ip cef
ipv6 unicast-routing
ipv6 cef
!
interface Loopback0
no ip address
!
interface Tunnel191
vrf forwarding lisp
SUMMARY STEPS
1. enable
2. show running-config | section router lisp
3. show [ip | ipv6] lisp
4. show [ip | ipv6] lisp map-cache
5. show [ip | ipv6] lisp database
6. show lisp site [name site-name]
7. lig {[self {ipv4 | ipv6}] | {hostname | destination-EID}}
8. ping {hostname | destination-EID}
9. clear [ip | ipv6] lisp map-cache
DETAILED STEPS
Step 1 enable
Enables privileged EXEC mode. Enter your password if prompted.
Example:
Router> enable
Example:
Router# show running-config | section router lisp
router lisp
database-mapping 172.16.1.0/24 10.1.1.2 priority 1 weight 50
database-mapping 172.16.1.0/24 10.2.1.2 priority 1 weight 50
database-mapping 2001:DB8:A::/48 10.1.1.2 priority 1 weight 50
database-mapping 2001:DB8:A::/48 10.2.1.2 priority 1 weight 50
ipv4 itr map-resolver 10.10.10.10
ipv4 itr map-resolver 10.10.30.10
ipv4 itr
ipv4 etr map-server 10.10.10.10 key some-key
ipv4 etr map-server 10.10.30.10 key some-key
ipv4 etr
ipv6 use-petr 10.10.10.11
ipv6 use-petr 10.10.30.11
ipv6 itr map-resolver 10.10.10.10
Example:
The following example shows LISP operational status and IPv4 address family information:
Example:
The following example shows LISP operational status and IPv6 address family information:
this example output assumes that a map-cache entry has been received for another site with the IPv4 EID prefix of
172.16.2.0/24 and the IPv6 EID prefix of 2001:db8:b::/48.
Example:
The following example shows IPv4 mapping cache information:
Example:
The following example shows IPv6 mapping cache information:
Example:
The following example shows IPv4 mapping database information:
172.16.1.0/24
Locator Pri/Wgt Source State
10.1.1.2 1/50 cfg-addr site-self, reachable
10.2.1.2 1/50 cfg-addr site-other, report-reachable
Example:
The following example shows IPv6 mapping database information:
2001:DB8:A::/48
Locator Pri/Wgt Source State
Example:
Router# show lisp site
Example:
Router# show lisp site name Site-1
Example:
Router# lig self ipv4
Mapping information for EID 172.16.1.0 from 10.1.1.2 with RTT 12 msecs
172.16.1.0/24, uptime: 00:00:00, expires: 23:59:52, via map-reply, self
Locator Uptime State Pri/Wgt
10.1.1.2 00:00:00 up, self 1/50
10.2.1.2 00:00:00 up 1/50
Example:
Router# lig self ipv6
Mapping information for EID 2001:DB8:A:: from 10.0.0.2 with RTT 12 msecs
2001:DB8:A::/48, uptime: 00:00:00, expires: 23:59:52, via map-reply, self
Locator Uptime State Pri/Wgt
10.1.1.2 00:00:00 up, self 1/50
10.2.1.2 00:00:00 up 1/50
Example:
Router# lig 172.16.2.1
Mapping information for EID 2001:DB8:A:: from 10.0.0.2 with RTT 12 msecs
2001:DB8:A::/48, uptime: 00:00:00, expires: 23:59:52, via map-reply, self
Locator Uptime State Pri/Wgt
10.1.1.2 00:00:00 up, self 1/50
10.2.1.2 00:00:00 up 1/50
Example:
Router# lig 2001:db8:b::1
Mapping information for EID 172.16.2.1 from 10.0.0.6 with RTT 4 msecs
2001:DB8:B::/48, uptime: 01:52:45, expires: 23:59:52, via map-reply, complete
Locator Uptime State Pri/Wgt
10.0.0.6 01:52:45 up 1/1
The ping command is applicable to the IPv4 and IPv6 address families, respectively, and can be used on any LISP
device but is limited by the LISP device and site configuration. (For example, the ability to do LISP encapsulation
requires the device to be configured as either an ITR or PITR.)
The following examples are based on configurations where a mulithomed LISP site is configured with both IPv4 and
IPv6 EID prefixes:
Example:
Router# ping 172.16.2.1 source 172.16.1.1
Example:
Router# ping 2001:db8:b::1 source 2001:db8:a::1
Example:
The following example shows IPv4 mapping cache information, how to clear the mapping cache, and the show information
after the cache is cleared.
Example:
The following example shows IPv6 mapping cache information, how to clear the mapping cache, and the show information
after the cache is cleared.
Additional References
The following sections provide references related to the Locator ID Separation Protocol.
Related Documents
Standards
Standard Title
IANA Address Family Numbers http://www.iana.org/assignments/
address-family-numbers/address-family-numbers.xml
MIBs
RFCs
RFC Title
draft-ietf-lisp-07 Locator/ID Separation Protocol (LISP) http://
tools.ietf.org/html/draft-ietf-lisp-07
Technical Assistance
Description Link
The Cisco Support website provides extensive online http://www.cisco.com/cisco/web/support/index.html
resources, including documentation and tools for
troubleshooting and resolving technical issues with
Cisco products and technologies.
To receive security and technical information about
your products, you can subscribe to various services,
such as the Product Alert Tool (accessed from Field
Notices), the Cisco Technical Services Newsletter,
and Really Simple Syndication (RSS) Feeds.
Access to most tools on the Cisco Support website
requires a Cisco.com user ID and password.
• You must configure IPv6 multicast and LISP services on the device. The configuration of IPv6 multicast
over LISP is covered in "How to Configure LISP Multicast" and "Example: Configuring IPv6 Multicast
over LISP" sections of this guide.
Note IPv6 LISP multicast is supported only from Cisco IOS Release 16.2 onwards, though releases earlier than
16.2 supports only IPv4 LISP multicast
Note If a LISP xTR is also a PIM First Hop Router (FH) or a Rendezvous Point (RP) and the device is only
receiving traffic, ensure that at least one interface on the device is covered by a local LISP database
mapping. No additional configuration is required to ensure that proper address is selected.
SUMMARY STEPS
1. enable
2. configure terminal
3. ip multicast-routing [distributed]
4. Enter one of the following:
• ip pim rp-address rp-address
• ip pim ssm {default | range {access-list-number | access-list-name}}
DETAILED STEPS
Example:
Device> enable
Example:
Device# configure terminal
Example:
Device(config)# ip multicast-routing
Step 4 Enter one of the following: • Statically configures the address of a Protocol
Independent Multicast (PIM) rendezvous point (RP)
• ip pim rp-address rp-address for multicast groups.
• ip pim ssm {default | range {access-list-number | • Defines the Source Specific Multicast (SSM) range
access-list-name}} of IP multicast addresses.
Example:
Device(config)# ip pim rp-address 10.1.0.2
Example:
Device(config)# ip pim ssm default
Step 5 interface lisp interface-number Selects a LISP interface to configure and enters interface
configuration mode.
Example:
Device(config)# interface LISP0
Step 6 ipv6 pim lisp transport [ipv4] Selects a LISP interface to configure and enters interface
configuration mode.
Example:
Device(config-if)# ipv6 pim lisp transport
unicast ipv4
Step 9 interface interface-type interface-number Configures the LISP interface facing the site and enters
interface configuration mode.
Example:
Device(config)# interface GigabitEthernet0/0/0
Example:
Device(config-if)# description Link To Site
SUMMARY STEPS
1. enable
2. configure terminal
3. vrf definition vrf-name
4. address-family ipv4
5. exit
6. exit
7. ip multicast-routing vrf vrf-name [distributed]
8. Enter one of the following:
• ip pim vrf vrf-name rp-address ip-address
• ip pim vrf vrf-name ssm {default | range {access-list-number | access-list-name}}
DETAILED STEPS
Example:
Device> enable
Example:
Device# configure terminal
Step 3 vrf definition vrf-name Configures a virtual routing and forwarding (VRF) routing
table instance and enters VRF configuration mode.
Example:
Device(config)# vrf definition VRF1
Step 4 address-family ipv4 Configures an address family for the VRF and enters VRF
address family configuration mode.
Example:
Device(config-vrf)# address-family ipv4
Example:
Device(config)# ip multicast-routing vrf VRF1
distributed
Step 8 Enter one of the following: • Statically configures the address of a Protocol
Independent Multicast (PIM) rendezvous point (RP)
• ip pim vrf vrf-name rp-address ip-address for multicast groups.
• ip pim vrf vrf-name ssm {default | range • Defines the Source Specific Multicast (SSM) range
{access-list-number | access-list-name}} of IP multicast addresses.
Example:
Device(config)# ip pim vrf VRF1 rp-address
10.1.0.2
Example:
Device(config)# ip pim vrf VRF1 ssm default
Step 9 interface lisp interface-number Selects a LISP interface to configure and enters interface
configuration mode.
Example:
Device(config)# interface lisp 22.10
Example:
Device(config-if)# vrf forwarding VRF1
Example:
Device(config-if)# description Link To Site
SUMMARY STEPS
DETAILED STEPS
Example:
The following example shows how the IP multicast routing table is displayed using the show ip mroute command:
Device# show ip mroute 239.4.4.4
Example:
The following example shows how to verify basic multicast network connectivity by pinging the multicast address:
Device# ping 239.4.4.4
Router 1
The following example shows how to configure LISP multicast in Router 1:
Device# show startup-config
!
ip multicast-routing
!
interface Loopback1
ip address 192.168.0.1 255.255.255.255
ip pim sparse-mode
ip igmp join-group 239.4.4.4
serial restart-delay 0
!
interface Loopback2
ip address 192.168.0.2 255.255.255.255
ip pim sparse-mode
The following example shows how to verify the configuration of LISP multicast routes in Router 1:
Device# show ip mroute
The following example shows how to verify basic multicast network connectivity from Router 1 by pinging
the multicast address:
Device# ping 239.4.4.4
xTR1
The following example shows how to configure LISP multicast in xTR1:
Device# show startup-config
!
ip multicast-routing
!
interface LISP0
ip pim sparse-mode
!
interface Serial1/0
ip address 10.1.0.2 255.255.255.0
ip pim sparse-mode
serial restart-delay 0
!
interface Serial2/0
ip address 10.2.0.1 255.255.255.0
serial restart-delay 0
!
router lisp
database-mapping 192.168.0.0/24 10.2.0.1 priority 1 weight 100
ipv4 itr map-resolver 10.14.0.14
ipv4 itr
ipv4 etr map-server 10.14.0.14 key password123
ipv4 etr
exit
!
!
router rip
version 2
network 10.0.0.0
default-information originate
!
ip pim rp-address 10.1.0.2
ip route 0.0.0.0 0.0.0.0 10.2.0.2
!
Router 2
The following example shows how to configure LISP multicast in Router 2:
Device# show startup-config
!
ip multicast-routing
!
interface Loopback1
ip address 192.168.1.1 255.255.255.255
ip pim sparse-mode
ip igmp join-group 239.4.4.4
serial restart-delay 0
!
interface Loopback2
ip address 192.168.1.2 255.255.255.255
ip pim sparse-mode
ip igmp join-group 239.4.4.4
serial restart-delay 0
!
interface Loopback3
ip address 192.168.1.3 255.255.255.255
ip pim sparse-mode
ip igmp join-group 239.4.4.4
serial restart-delay 0
!
interface Serial0/0
ip address 10.4.0.2 255.255.255.0
ip pim sparse-mode
serial restart-delay 0
!
!
router rip
version 2
network 10.0.0.0
network 192.168.1.0
default-information originate
!
ip forward-protocol nd
!
!
ip pim rp-address 10.1.0.2
!
!
End
The following example shows how to verify the configuration of LISP multicast routes in Router 2:
Device# show ip mroute
The following example shows how to verify basic multicast network connectivity from Router 2 by pinging
the multicast address:
Device# ping 239.4.4.4
xTR2
The following example shows how to configure LISP multicast in xTR2:
Device# show startup-config
!
ip multicast-routing
!
interface LISP0
ip pim sparse-mode
!
!
interface Serial1/0
ip address 10.3.0.2 255.255.255.0
serial restart-delay 0
!
interface Serial2/0
ip address 10.4.0.1 255.255.255.0
ip pim sparse-mode
serial restart-delay 0
!
!
router lisp
database-mapping 192.168.1.0/24 10.3.0.2 priority 1 weight 100
ipv4 itr map-resolver 10.14.0.14
ipv4 itr
ipv4 etr map-server 10.14.0.14 key Amel
ipv4 etr
exit
!
router rip
version 2
network 10.0.0.0
default-information originate
!
ip pim rp-address 10.1.0.2
ip route 0.0.0.0 0.0.0.0 10.3.0.1
!
MS/MR
The following example shows how to configure LISP multicast in MS/MR:
Device# show startup-config
!
ip multicast-routing
!
interface Serial3/0
ip address 10.14.0.14 255.255.255.0
serial restart-delay 0
!
!
router lisp
site Site-A
authentication-key password123
eid-prefix 192.168.0.0/24
exit
!
site Site-B
authentication-key Amel
eid-prefix 192.168.1.0/24
exit
!
ipv4 map-server
ipv4 map-resolver
exit
!
ip route 0.0.0.0 0.0.0.0 10.14.0.1
!
Core
The following example shows how to configure LISP multicast in the Core router:
Device# show startup-config
!
ip multicast-routing
!
interface Ethernet0/0
ip address 10.14.0.1 255.255.255.0
serial restart-delay 0
!
interface Serial1/0
ip address 10.2.0.2 255.255.255.0
serial restart-delay 0
!
interface Serial2/0
ip address 10.3.0.1 255.255.255.0
serial restart-delay 0
!
Device(config-vrf)# exit
Device(config)# ip multicast-routing vrf VRF1 [distributed]
Device(config)# ip pim vrf VRF1 ssm range LIST1
Device(config)# router lisp 22
Device(config-router-lisp)# eid-table vrf VRF1 instance-id 10
Device(config-router-lisp-eid-table)# database-mapping 198.51.100.0/24 192.0.2.10 priority
1 weight 100
Device(config-router-lisp-eid-table)# exit
Device(config-router-lisp)# ipv4 itr
Device(config-router-lisp)# ipv4 etr
Device(config-router-lisp)# ipv4 itr map-resolver 192.0.2.10
Device(config-router-lisp)# ipv4 etr map-server 192.0.2.10 key 0 some-key
Device(config-router-lisp)# exit
Device(config)# interface lisp 22.10
Device(config-if)# ip pim sparse-mode
Device(config-if)# exit
Device(config)# ip route 0.0.0.0 0.0.0.0 192.0.2.20
Device(config)# end
Related Documents
Standards
Standard Title
Address family numbers IANA Address Family Numbers
MIBs
RFCs
RFC Title
RFC 6830 Locator/ID Separation Protocol (LISP) http://
tools.ietf.org/html/
Technical Assistance
Description Link
The Cisco Support website provides extensive online http://www.cisco.com/cisco/web/support/index.html
resources, including documentation and tools for
troubleshooting and resolving technical issues with
Cisco products and technologies.
To receive security and technical information about
your products, you can subscribe to various services,
such as the Product Alert Tool (accessed from Field
Notices), the Cisco Technical Services Newsletter,
and Really Simple Syndication (RSS) Feeds.
Access to most tools on the Cisco Support website
requires a Cisco.com user ID and password.
When considering the deployment of a virtualized network environment, take into account both the device
and the path level.
within a VFR, just as it would be in the global (default) routing table. As described in detail below, LISP
binds VRFs to instance IDs for similar purposes.
Because LISP considers virtualization of both EID and RLOC namespaces, two models of operation are
defined: shared model and parallel model. For completeness, the discussions below begin first with a review
of the default (non-virtualized) model of LISP, and then cover the details of shared and parallel models.
Figure 24: Default (Non-Virtualized) LISP Model (Resolves Both EID and RLOC Addresses in the Default (Global) Routing
Table.
As shown in the figure above, both EID and RLOC addresses are resolved in the default table. The mapping
system must also be reachable via the default table. This default model can be thought of as a single instantiation
of the parallel model of LISP virtualization where EID and RLOC addresses are within the same namespace
such as is the case in this default table.
Figure 25: LISP shared model virtualization resolves EIDs within VRFs tied to Instance IDs. RLOC addresses are resolved
in a common (shared) address space. The default (global) routing table is shown as the shared space.
As shown in the figure above, EID space is virtualized through its association with VRFs, and these VRFs
are tied to LISP Instance IDs to segment the control plane and data plane in LISP. A common, shared locator
space, the default (global) table as shown in the figure above, is used to resolve RLOC addresses for all
virtualized EIDs. The mapping system must also be reachable via the common locator space.
customers. Each customer and all sites associated with it use the same instance ID and are part of a VPN using
their own EID namespace as shown in the figure below.
Figure 26: In a LISP shared model single tenancy use case, customers use their own xTRs and a shared common core
network and mapping system. LISP instance IDs segment the LISP data plane and control plane.
In the shared model multitenancy case, a set of xTRs is shared (virtualized) among multiple customers. These
customers also share a common infrastructure with other single and multitenant customers. Each customer
and all sites associated with it use the same instance ID and are part of a VPN using their own EID namespace
as shown in the figure below.
Figure 27: In a LISP shared model multitenancy use case, customer's use shared xTRs and a shared common core network
and mapping system. LISP instance IDs segment the LISP data plane and control plane.
PURPLE and GOLD. LISP is used to provide virtualized connectivity between these two sites across a common
IPv4 core, while maintaining address separation between the two VRFs.
Figure 28: Simple LISP Site with virtualized IPv4 and IPv6 EIDs and a shared IPv4 core
Each LISP Site uses a single edge router configured as both an ITR and ETR (xTR), with a single connection
to its upstream provider. The RLOC is IPv4, and IPv4 and IPv6 EID prefixes are configured. Each LISP site
registers to a map server/map resolver (MS/MR) device located in the network core within the shared RLOC
address space. The topology used in this most basic LISP configuration is shown in the figure above.
The components illustrated in the topology shown in the figure above are described below:
• LISP site:
• The CPE functions as a LISP ITR and ETR (xTR).
• Both LISP xTRs have two VRFs: GOLD and PURPLE, with each VRF containing both IPv4 and
IPv6 EID-prefixes, as shown in the figure above. Note the overlapping prefixes, used for illustration
purposes. A LISP instance-id is used to maintain separation between two VRFs. Note that in this
example, the share key is configured "per-site" and not "per-VRF." (Case 2 illustrates a configuration
where the shared key is per-VPN.)
• Each LISP xTR has a single RLOC connection to a shared IPv4 core network.
• Mapping system:
• One map server/map resolver system is shown in the figure above and assumed available for the
LISP xTR to register to. The MS/MR has an IPv4 RLOC address of 10.0.2.2, within the shared
IPv4 core.
• The map server site configurations are virtualized using LISP instance-ids to maintain separation
between the two VRFs.
Perform the steps in this task (once through for each xTR in the LISP site) to enable and configure LISP ITR
and ETR (xTR) functionality when using a LISP map-server and map-resolver for mapping services. The
example configurations at the end of this task show the full configuration for two xTRs (xTR1 and xTR2).
SUMMARY STEPS
1. configure terminal
2. router lisp
3. eid-table vrfvrf-name instance-id instance-id
4. Do one of the following:
• database-mapping EID-prefix/prefix-length locator priority priority weight weight
• database-mapping EID-prefix/prefix-length locator priority priority weight weight
5. Repeat Step 4 until all EID-to-RLOC mappings for the LISP site are configured.
6. exit
7. ipv4 itr
8. ipv4 etr
9. ipv4 itr map-resolver map-resolver-address
10. ipv4 etr map-server map-server-address key key-type authentication-key
11. ipv6 itr
12. ipv6 etr
13. ipv6 itr map-resolver map-resolver-address
14. ipv6 etr map-server map-server-address key key-type authentication-key
15. exit
16. ip route ipv4-prefix next-hop
17. exit
DETAILED STEPS
Example:
Router# configure terminal
Example:
Router(config)# router lisp
Step 4 Do one of the following: Configures an EID-to-RLOC mapping relationship and its associated
traffic policy for this LISP site.
• database-mapping
EID-prefix/prefix-length locator priority • In the first example, a single IPv4 EID prefix, 192.168.1.0/24, is
priority weight weight being associated with the single IPv4 RLOC 10.0.0.2.
• database-mapping • In the second example, the alternative configuration shows the use
EID-prefix/prefix-length locator priority of the dynamic interface form of the database-mapping command.
priority weight weight This form is useful when the RLOC address is obtained dynamically,
such as via DHCP.
Example:
Router(config-router-lisp-eid-table)#
database-mapping 192.168.1.0/24
10.0.0.2 priority 1 weight 100
Example:
Router(config-router-lisp-eid-table)#
database-mapping 192.168.1.0/24
ipv4-interface Ethernet0/0 priority 1
weight 100
Step 5 Repeat Step 4 until all EID-to-RLOC Configures an EID-to-RLOC mapping relationship and its associated
mappings for the LISP site are configured. traffic policy for this LISP site.
Example:
Router(config-router-lisp-eid-table)#
database-mapping 2001:db8:b:a::/64
10.0.0.2 priority 1 weight 100
Step 6 exit Exits eid-table configuration submode and returns to LISP configuration
mode.
Example:
Router(config-router-lisp-eid-table)#
exit
Step 7 ipv4 itr Enables LISP ITR functionality for the IPv4 address family.
Example:
Router(config-router-lisp)# ipv4 itr
Example:
Router(config-router-lisp)# ipv4 etr
Step 9 ipv4 itr map-resolver map-resolver-address Configures a locator address for the LISP map resolver to which this
router will send map request messages for IPv4 EID-to-RLOC mapping
Example: resolutions.
Router(config-router-lisp)# ipv4 itr • The locator address of the map resolver may be an IPv4 or IPv6
map-resolver 10.0.2.2 address. In this example, because each xTR has only IPv4 RLOC
connectivity, the map resolver is reachable using its IPv4 locator
address. (See the LISP Command Reference Guide for more details.)
Note The locator address of the map server may be an IPv4 or IPv6
address. In this example, because each xTR has only IPv4 RLOC
connectivity, the map-server is reachable using its IPv4 locator
addresses. (See the LISP Command Reference Guide for more
details.)
Step 11 ipv6 itr Enables LISP ITR functionality for the IPv6 address family.
Example:
Router(config-router-lisp)# ipv6 itr
Step 12 ipv6 etr Enables LISP ETR functionality for the IPv6 address family.
Example:
Router(config-router-lisp)# ipv6 etr
Step 13 ipv6 itr map-resolver map-resolver-address Configures a locator address for the LISP map resolver to which this
router will send map request messages for IPv6 EID-to-RLOC mapping
Example: resolutions.
Router(config-router-lisp)# ipv6 itr • The locator address of the map resolver may be an IPv4 or IPv6
map-resolver 10.0.2.2 address. In this example, because each xTR has only IPv4 RLOC
connectivity, the map-resolver is reachable using its IPv4 locator
Example:
Router(config-router-lisp)# exit
Step 16 ip route ipv4-prefix next-hop Configures a default route to the upstream next hop for all IPv4
destinations.
Example: • All IPv4 EID-sourced packets destined to both LISP and non-LISP
Router(config)# ip route 0.0.0.0 sites are forwarded in one of two ways:
0.0.0.0 10.0.0.1
• LISP-encapsulated to a LISP site when traffic is LISP-to-LISP
• natively forwarded when traffic is LISP-to-non-LISP
Example:
Router(config)# exit
Example:
The examples below show the complete configuration for the LISP topology illustrated in the figure shown
above the task steps and follows the examples in the steps in this task. On the xTRs, the VRFs and EID prefixes
are assumed to be attached to VLANs configured on the devices.
Example configuration for the Left xTR:
hostname Left-xTR
!
ipv6 unicast-routing
!
vrf definition PURPLE
address-family ipv4
exit
address-family ipv6
exit
!
vrf definition GOLD
address-family ipv4
exit
address-family ipv6
exit
!
interface Ethernet0/0
ip address 10.0.0.2 255.255.255.0
!
interface Ethernet1/0.1
encapsulation dot1q 101
vrf forwarding PURPLE
ip address 192.168.1.1 255.255.255.0
ipv6 address 2001:DB8:A:A::1/64
!
interface Ethernet1/0.2
encapsulation dot1q 102
vrf forwarding GOLD
ip address 192.168.1.1 255.255.255.0
ipv6 address 2001:DB8:B:A::1/64
!
router lisp
eid-table vrf PURPLE instance-id 101
database-mapping 192.168.1.0/24 10.0.0.2 priority 1 weight 1
database-mapping 2001:DB8:A:A::/64 10.0.0.2 priority 1 weight 1
eid-table vrf GOLD instance-id 102
database-mapping 192.168.1.0/24 10.0.0.2 priority 1 weight 1
database-mapping 2001:DB8:B:A::/64 10.0.0.2 priority 1 weight 1
exit
!
ipv4 itr map-resolver 10.0.2.2
ipv4 itr
ipv4 etr map-server 10.0.2.2 key Left-key
ipv4 etr
ipv6 itr map-resolver 10.0.2.2
ipv6 itr
ipv6 etr map-server 10.0.2.2 key Left-key
ipv6 etr
exit
!
ip route 0.0.0.0 0.0.0.0 10.0.0.1
!
Example configuration for Right xTR:
hostname Right-xTR
!
ipv6 unicast-routing
!
vrf definition PURPLE
address-family ipv4
exit
address-family ipv6
exit
!
vrf definition GOLD
address-family ipv4
exit
address-family ipv6
exit
!
interface Ethernet0/0
ip address 10.0.1.2 255.255.255.0
!
interface Ethernet1/0.1
encapsulation dot1q 101
vrf forwarding PURPLE
ip address 192.168.2.1 255.255.255.0
ipv6 address 2001:DB8:A:B::1/64
!
interface Ethernet1/0.2
encapsulation dot1q 102
vrf forwarding GOLD
ip address 192.168.2.1 255.255.255.0
ipv6 address 2001:DB8:B:B::1/64
!
router lisp
eid-table vrf PURPLE instance-id 101
database-mapping 192.168.2.0/24 10.0.1.2 priority 1 weight 1
database-mapping 2001:DB8:A:B::/64 10.0.1.2 priority 1 weight 1
eid-table vrf GOLD instance-id 102
database-mapping 192.168.2.0/24 10.0.1.2 priority 1 weight 1
database-mapping 2001:DB8:B:B::/64 10.0.1.2 priority 1 weight 1
exit
!
ipv4 itr map-resolver 10.0.2.2
ipv4 itr
ipv4 etr map-server 10.0.2.2 key Right-key
ipv4 etr
ipv6 itr map-resolver 10.0.2.2
ipv6 itr
ipv6 etr map-server 10.0.2.2 key Right-key
ipv6 etr
exit
!
ip route 0.0.0.0 0.0.0.0 10.0.1.1
!
Configuring a Private LISP Mapping System for LISP Shared Model Virtualization
Perform this task to configure and enable standalone LISP map server/map resolver functionality for LISP
shared model virtualization. In this task, a Cisco router is configured as a standalone map server/map resolver
(MR/MS) for a private LISP mapping system. Because the MR/MS is configured as a stand-alone device, it
has no need for LISP Alternate Logical Topology (ALT) connectivity. All relevant LISP sites must be
configured to register with this map server so that this map server has full knowledge of all registered EID
Prefixes within the (assumed) private LISP system.
SUMMARY STEPS
1. enable
2. configure terminal
3. router lisp
4. site site-name
5. authentication-key [key-type] authentication-key
6. eid-prefix instance-id instance-id EID-prefix
7. eid-prefix instance-id instance-id EID-prefix
8. exit
9. ipv4 map-resolver
10. ipv4 map-server
11. ipv6 map-resolver
12. ipv6 map-server
13. end
DETAILED STEPS
Example:
Router# configure terminal
Example:
Router(config)# router lisp
Step 4 site site-name Specifies a LISP site named Left and enters LISP site configuration
mode.
Example: Note A LISP site name is locally significant to the map server on
Router(config-router-lisp)# site Left which it is configured. It has no relevance anywhere else.
This name is used solely as an administrative means of
associating EID-prefix or prefixes with an authentication
key and other site-related mechanisms.
Step 6 eid-prefix instance-id instance-id EID-prefix Configures an EID prefix and instance ID that are allowed in a map
register message sent by an ETR when registering to this map server.
Example: Repeat this step as necessary to configure additional EID prefixes
under this LISP site.
Router(config-router-lisp-site)#
eid-prefix instance-id 102 192.168.1.0/24 • In this example, the IPv4 EID prefix 192.168.1.0/24 and
instance ID 102 are associated together. To complete this task,
an IPv6 EID prefix is required.
Step 7 eid-prefix instance-id instance-id EID-prefix Configures an EID prefix and instance ID that are allowed in a map
register message sent by an ETR when registering to this map server.
Example: • In this example, the IPv6 EID prefix 2001:db8:a:b::/64 and
Router(config-router-lisp-site)# instance ID 102 are associated together.
eid-prefix instance-id 102
2001:db8:a:b::/64
Step 8 exit Exits LISP site configuration mode and returns to LISP configuration
mode.
Example:
Router(config-router-lisp-site)# exit
Step 9 ipv4 map-resolver Enables LISP map resolver functionality for EIDs in the IPv4 address
family.
Example:
Router(config-router-lisp)# ipv4
map-resolver
Step 10 ipv4 map-server Enables LISP map server functionality for EIDs in the IPv4 address
family.
Example:
Router(config-router-lisp)# ipv4
map-server
Step 11 ipv6 map-resolver Enables LISP map resolver functionality for EIDs in the IPv6 address
family.
Example:
Router(config-router-lisp)# ipv6
map-resolver
Step 13 end Exits LISP configuration mode and returns to privileged EXEC mode.
Example:
Router(config-router-lisp)# end
Example:
Example configuration for the map server/map resolver.
hostname MSMR
!
interface Ethernet0/0
ip address 10.0.2.2 255.255.255.0
!
router lisp
!
site Left
authentication-key Left-key
eid-prefix instance-id 101 192.168.1.0/24
eid-prefix instance-id 101 2001:DB8:A:A::/64
eid-prefix instance-id 102 192.168.1.0/24
eid-prefix instance-id 102 2001:DB8:B:A::/64
exit
!
site Right
authentication-key Right-key
eid-prefix instance-id 101 192.168.2.0/24
eid-prefix instance-id 101 2001:DB8:A:B::/64
eid-prefix instance-id 102 192.168.2.0/24
eid-prefix instance-id 102 2001:DB8:B:B::/64
exit
!
ipv4 map-server
ipv4 map-resolver
ipv6 map-server
ipv6 map-resolver
exit
!
ip route 0.0.0.0 0.0.0.0 10.0.2.1
The configuration demonstrated in this task shows a more complex, larger scale LISP virtualization solution.
In this task, an enterprise is deploying LISP Shared Model where EID space is virtualized over a shared,
common core network. A subset of their entire network is illustrated in Figure 12. In this figure, three sites
are shown: a multihomed "Headquarters" (HQ) site, and two remote office sites. The HQ site routers are
deployed as xTRs and also as map resolver/map servers. The remote site routers only act as xTRs, and use
the MS/MRs at the HQ site for LISP control plane support.
Figure 29: Large Scale LISP Site with Virtualized IPv4 EIDs and a Shared IPv4 Core
The components illustrated in the topology shown in the figure above are described below:
• LISP site:
• Each CPE router functions as a LISP ITR and ETR (xTR), as well as a Map-Server/Map-Resolver
(MS/MR).
• Both LISP xTRs have three VRFs: TRANS (for transactions), SOC (for security operations), and
FIN (for financials). Each VRF contains only IPv4 EID-prefixes. Note that no overlapping prefixes
are used, but segmentation between each VRF by LISP instance-ids makes this possible. Also note
that in this example, the separate authentication key is configured “per-vrf ? and not “per-site. ?
This affects both the xTR and MS configurations.
• The HQ LISP Site is multi-homed to the shared IPv4 core, but each xTR at the HQ site has a single
RLOC.
• Each CPE also functions as an MS/MR to which the HQ and Remote LISP sites can register.
• The map server site configurations are virtualized using LISP instance IDs to maintain separation
between the three VRFs.
SUMMARY STEPS
1. configure terminal
2. router lisp
3. site site-name
4. authentication-key [key-type] authentication-key
5. eid-prefix instance-id instance-id EID-prefix/prefix-length accept-more-specifics
6. exit
7. Repeat steps 3 through 6 for each LISP site to be configured.
8. ipv4 map-resolver
9. ipv4 map-server
10. eid-table vrfvrf-name instance-id instance-id
11. database-mapping EID-prefix/prefix-length locator priority priority weight weight
12. Repeat Step 11 until all EID-to-RLOC mappings within this eid-table vrf and instance ID for the LISP
site are configured.
13. ipv4 etr map-server map-server-address key key-type authentication-key
14. Repeat Step 13 to configure another locator address for the same LISP map server
15. exit
16. ipv4 itr map-resolver map-resolver-address
17. Repeat Step 16 to configure another locator address for the LISP map resolver
18. ipv4 itr
19. ipv4 etr
20. exit
21. ip route ipv4-prefix next-hop
22. exit
DETAILED STEPS
Example:
Router# configure terminal
Example:
Router(config)# router lisp
Step 3 site site-name Specifies a LISP site named TRANS and enters LISP site configuration
mode.
Example: Note A LISP site name is locally significant to the map server on which
Router(config-router-lisp)# site it is configured. It has no relevance anywhere else. This name is
TRANS used solely as an administrative means of associating EID-prefix
or prefixes with an authentication key and other site-related
mechanisms.
Step 4 authentication-key [key-type] Configures the password used to create the SHA-2 HMAC hash for
authentication-key authenticating the map register messages sent by an ETR when registering
to the map server.
Example: Note The LISP ETR must be configured with an identical authentication
Router(config-router-lisp-site)# key as well as matching EID prefixes and instance IDs.
authentication-key 0 TRANS-key
Step 5 eid-prefix instance-id instance-id Configures an EID prefix and instance ID that are allowed in a map register
EID-prefix/prefix-length message sent by an ETR when registering to this map server. Repeat this
accept-more-specifics step as necessary to configure additional EID prefixes under this LISP site.
• In the example, EID-prefix 10.1.0.0/16 and instance-id 1 are associated
Example: together. The EID-prefix 10.1.0.0/16 is assumed to be an aggregate
Router(config-router-lisp-site)# covering all TRANS EID-prefixes at all LISP Sites. The keyword
eid-prefix instance-id 1 10.1.0.0/16 accept-more-specifics is needed in this case to allow each site to
accept-more-specifics
register its more-specific EID-prefix contained within that aggregate.
If aggregation is not possible, simply enter all EID-prefixes integrated
within instance-id 1.
Step 6 exit Exits LISP site configuration mode and returns to LISP configuration mode.
Example:
Router(config-router-lisp-site)# exit
Step 8 ipv4 map-resolver Enables LISP map resolver functionality for EIDs in the IPv4 address family.
Example:
Router(config-router-lisp)# ipv4
map-resolver
Step 9 ipv4 map-server Enables LISP map server functionality for EIDs in the IPv4 address family.
Example:
Router(config-router-lisp)# ipv4
map-server
Step 10 eid-table vrfvrf-name instance-id Configures an association between a VRF table and a LISP instance ID,
instance-id and enters eid-table configuration submode.
• In this example, the VRF table TRANS and instance-id 1 are associated
Example: together.
Router(config-router-lisp)# eid-table
vrf TRANS instance-id 1
Step 11 database-mapping EID-prefix/prefix-length Configures an EID-to-RLOC mapping relationship and its associated traffic
locator priority priority weight weight policy for this LISP site.
• In this example, the EID prefix 10.1.1.0/24 within instance-id 1 at this
Example: site is associated with the local IPv4 RLOC 172.16.1.2, as well as with
Router(config-router-lisp-eid-table)# the neighbor xTR RLOC 172.6.1.6.
database-mapping 10.1.1.0/24
172.16.1.2 priority 1 weight 100
Step 12 Repeat Step 11 until all EID-to-RLOC Configures an EID-to-RLOC mapping relationship and its associated traffic
mappings within this eid-table vrf and policy for this LISP site.
instance ID for the LISP site are configured.
Example:
Router(config-router-lisp-eid-table)#
database-mapping 10.1.1.0/24
172.16.1.6 priority 1 weight 100
Step 13 ipv4 etr map-server map-server-address Configures a locator address for the LISP map server and an authentication
key key-type authentication-key key for which this router, acting as an IPv4 LISP ETR, will use to register
with the LISP mapping system.
Example: • In this example, the map server and authentication-key are specified
Router(config-router-lisp-eid-table)# here, within the eid-table subcommand mode, so that the authentication
ipv4 etr map-server 172.16.1.2 key key is associated only with this instance ID, within this VPN.
0 TRANS-key
Step 15 exit Exits eid-table configuration submode and returns to LISP configuration
mode.
Example:
Router(config-router-lisp-eid-table)#
exit
Step 16 ipv4 itr map-resolver map-resolver-address Configures a locator address for the LISP map resolver to which this router
will send map request messages for IPv4 EID-to-RLOC mapping resolutions.
Example: • In this example, the map resolver is specified within router lisp
Router(config-router-lisp)# ipv4 itr configuration mode and inherited into all eid-table instances since
map-resolver 172.16.1.2 nothing is related to any single instance ID. In addition, redundant
map resolvers are configured. (Because the MR is co-located with the
xTRs in this case, this command indicates that this xTR is pointing to
itself for mapping resolution (and its neighbor xTR/MS/MR at the
same site).
• The locator address of the map resolver may be an IPv4 or IPv6
address. In this example, because each xTR has only IPv4 RLOC
connectivity, the map resolver is reachable using its IPv4 locator
address. (See the LISP Command Reference Guide for more details.)
Example:
Router(config-router-lisp)# ipv4 itr
Step 19 ipv4 etr Enables LISP ETR functionality for the IPv4 address family.
Example:
Router(config-router-lisp)# ipv4 etr
Step 20 exit Exits LISP configuration mode and returns to global configuration mode.
Example:
Router(config-router-lisp)# exit
Step 21 ip route ipv4-prefix next-hop Configures a default route to the upstream next hop for all IPv4 destinations.
• All IPv4 EID-sourced packets destined to both LISP and non-LISP
Example: sites are forwarded in one of two ways:
Router(config)# ip route 0.0.0.0
0.0.0.0 172.16.1.1 • LISP-encapsulated to a LISP site when traffic is LISP-to-LISP
• natively forwarded when traffic is LISP-to-non-LISP
In this configuration example, because the xTR has IPv4 RLOC connectivity,
a default route to the upstream SP is used for all IPv4 packets to support
LISP processing.
Example:
Router(config)# exit
Example:
The examples below show the complete configuration for the HQ-RTR-1 and HQ-RTR-2 (xTR/MS/MR
located at the HQ Site), and Site2-xTR LISP devices illustrated in the figure above and in this task. Note that
both HQ-RTR-1 and HQ-RTR-2 are provided in order to illustrate the proper method for configuring a LISP
multihomed site.
Example configuration for HQ-RTR-1 with an xTR, a map server and a map resolver:
hostname HQ-RTR-1
!
vrf definition TRANS
address-family ipv4
exit
!
vrf definition SOC
address-family ipv4
exit
!
vrf definition FIN
address-family ipv4
exit
!
interface Loopback0
description Management Loopback (in default space)
ip address 172.31.1.11 255.255.255.255
!
interface GigabitEthernet0/0/0
description WAN Link to IPv4 Core
ip address 172.16.1.2 255.255.255.252
negotiation auto
!
interface GigabitEthernet0/0/1
vrf forwarding TRANS
ip address 10.1.1.1 255.255.255.0
negotiation auto
!
interface GigabitEthernet0/0/2
vrf forwarding SOC
ip address 10.2.1.1 255.255.255.0
negotiation auto
!
interface GigabitEthernet0/0/3
vrf forwarding FIN
ip address 10.3.1.1 255.255.255.0
negotiation auto
!
router lisp
eid-table default instance-id 0
database-mapping 172.31.1.11/32 172.16.1.2 priority 1 weight 50
database-mapping 172.31.1.11/32 172.16.1.6 priority 1 weight 50
ipv4 etr map-server 172.16.1.2 key DEFAULT-key
ipv4 etr map-server 172.16.1.6 key DEFAULT-key
exit
!
eid-table vrf TRANS instance-id 1
database-mapping 10.1.1.0/24 172.16.1.2 priority 1 weight 50
database-mapping 10.1.1.0/24 172.16.1.6 priority 1 weight 50
ipv4 etr map-server 172.16.1.2 key TRANS-key
ipv4 etr map-server 172.16.1.6 key TRANS-key
exit
!
eid-table vrf SOC instance-id 2
database-mapping 10.2.1.0/24 172.16.1.2 priority 1 weight 50
database-mapping 10.2.1.0/24 172.16.1.6 priority 1 weight 50
ipv4 etr map-server 172.16.1.2 key SOC-key
ipv4 etr map-server 172.16.1.6 key SOC-key
exit
!
eid-table vrf FIN instance-id 3
database-mapping 10.3.1.0/24 172.16.1.2 priority 1 weight 50
database-mapping 10.3.1.0/24 172.16.1.6 priority 1 weight 50
ipv4 etr map-server 172.16.1.2 key FIN-key
ipv4 etr map-server 172.16.1.6 key FIN-key
exit
!
site DEFAULT
authentication-key DEFAULT-key
eid-prefix 172.31.1.0/24 accept-more-specifics
exit
!
site TRANS
authentication-key TRANS-key
eid-prefix instance-id 1 10.1.0.0/16 accept-more-specifics
exit
!
site SOC
authentication-key SOC-key
eid-prefix instance-id 2 10.2.0.0/16 accept-more-specifics
exit
!
site FIN
authentication-key FIN-key
eid-prefix instance-id 3 10.3.0.0/16 accept-more-specifics
exit
!
ipv4 map-server
ipv4 map-resolver
ipv4 itr map-resolver 172.16.1.2
ipv4 itr map-resolver 172.16.1.6
ipv4 itr
ipv4 etr
exit
!
ip route 0.0.0.0 0.0.0.0 172.16.1.1
Example configuration for HQ-RTR-2 with an xTR, a map server and a map resolver:
hostname HQ-RTR-2
!
vrf definition TRANS
address-family ipv4
exit
!
vrf definition SOC
address-family ipv4
exit
!
vrf definition FIN
address-family ipv4
exit
!
interface Loopback0
description Management Loopback (in default space)
ip address 172.31.1.12 255.255.255.255
!
interface GigabitEthernet0/0/0
ipv4 etr
exit
!
ip route 0.0.0.0 0.0.0.0 172.16.1.5
Figure 30: Large Scale LISP Site with Virtualized IPv4 EIDs and a Shared IPv4 Core
The components illustrated in the topology shown in the figure above are described below:
• LISP remote sites:
• Each remote site CPE router functions as a LISP ITR and ETR (xTR).
• Each LISP xTRs has the same three VRFs as the HQ Site: TRANS, SOC, and FIN. Each VRF
contains only IPv4 EID-prefixes.
• Each remote site LISP xTR has a single RLOC connection to a shared IPv4 core network.
SUMMARY STEPS
1. configure terminal
2. router lisp
3. eid-table vrfvrf-name instance-id instance-id
4. database-mapping EID-prefix/prefix-length locator priority priority weight weight
5. ipv4 etr map-server map-server-address key key-type authentication-key
6. Repeat Step 13 to configure another locator address for the same LISP map server
7. exit
8. ipv4 itr map-resolver map-resolver-address
9. Repeat Step 16 to configure another locator address for the LISP map resolver
10. ipv4 itr
11. ipv4 etr
12. exit
13. ip route ipv4-prefix next-hop
14. exit
DETAILED STEPS
Example:
Router# configure terminal
Example:
Router(config)# router lisp
Step 3 eid-table vrfvrf-name instance-id Configures an association between a VRF table and a LISP instance ID, and
instance-id enters eid-table configuration submode.
• In this example, the VRF table TRANS and instance-id 1 are associated
Example: together.
Router(config-router-lisp)# eid-table
vrf TRANS instance-id 1
Step 4 database-mapping EID-prefix/prefix-length Configures an EID-to-RLOC mapping relationship and its associated traffic
locator priority priority weight weight policy for this LISP site.
Router(config-router-lisp-eid-table)# Note Repeat this step until all EID-to-RLOC mappings within this
database-mapping 10.1.2.0/24
172.16.2.2 priority 1 weight 100 eid-table vrf and instance ID for the LISP site are configured.
Step 5 ipv4 etr map-server map-server-address Configures a locator address for the LISP map server and an authentication
key key-type authentication-key key for which this router, acting as an IPv4 LISP ETR, will use to register
with the LISP mapping system.
Example: • In this example, the map server and authentication-key are specified
Router(config-router-lisp-eid-table)# here, within the eid-table subcommand mode, so that the authentication
ipv4 etr map-server 172.16.1.2 key key is associated only with this instance ID, within this VPN.
0 TRANS-key
Note The map server must be configured with EID prefixes and
instance-ids matching the one(s) configured on this ETR, as well
as an identical authentication key.
Note The locator address of the map server may be an IPv4 or IPv6
address. In this example, because each xTR has only IPv4 RLOC
connectivity, the map server is reachable using its IPv4 locator
addresses. (See the LISP Command Reference Guide for more
details.)
Step 6 Repeat Step 13 to configure another locator Configures a locator address for the LISP map server and an authentication
address for the same LISP map server key for which this router, acting as an IPv4 LISP ETR, will use to register
with the LISP mapping system.
Example: • In this example, a redundant map server is configured. (Because the
Router(config-router-lisp-eid-table)# MS is co-located with the xTRs in this case, this command indicates
ipv4 etr map-server 172.16.1.6 key that this xTR is pointing to itself for registration (and its neighbor
0 TRANS-key
xTR/MS/MR at the same site).
Step 7 exit Exits eid-table configuration submode and returns to LISP configuration
mode.
Example:
Router(config-router-lisp-eid-table)#
exit
Step 8 ipv4 itr map-resolver map-resolver-address Configures a locator address for the LISP map resolver to which this router
will send map request messages for IPv4 EID-to-RLOC mapping resolutions.
Example: • In this example, the map resolver is specified within router lisp
Router(config-router-lisp)# ipv4 itr configuration mode and inherited into all eid-table instances since
map-resolver 172.16.1.2 nothing is related to any single instance ID. In addition, redundant map
resolvers are configured. (Because the MR is co-located with the xTRs
in this case, this command indicates that this xTR is pointing to itself
for mapping resolution (and its neighbor xTR/MS/MR at the same site).
• The locator address of the map resolver may be an IPv4 or IPv6 address.
In this example, because each xTR has only IPv4 RLOC connectivity,
Example:
Router(config-router-lisp)# ipv4 itr
Step 11 ipv4 etr Enables LISP ETR functionality for the IPv4 address family.
Example:
Router(config-router-lisp)# ipv4 etr
Step 12 exit Exits LISP configuration mode and returns to global configuration mode.
Example:
Router(config-router-lisp)# exit
Step 13 ip route ipv4-prefix next-hop Configures a default route to the upstream next hop for all IPv4 destinations.
• All IPv4 EID-sourced packets destined to both LISP and non-LISP
Example: sites are forwarded in one of two ways:
Router(config)# ip route 0.0.0.0
0.0.0.0 172.16.2.1 • LISP-encapsulated to a LISP site when traffic is LISP-to-LISP
• natively forwarded when traffic is LISP-to-non-LISP
In this configuration example, because the xTR has IPv4 RLOC connectivity,
a default route to the upstream SP is used for all IPv4 packets to support
LISP processing.
Example:
Router(config)# exit
Example:
The example below show the complete configuration for the remote site device illustrated in the figure above
and in this task. Note that only one remote site configuration is shown here.
Example configuration for Site 2 with an xTR, and using the map server and a map resolver from the HQ site:
hostname Site2-xTR
!
vrf definition TRANS
address-family ipv4
exit
!
vrf definition SOC
address-family ipv4
exit
!
vrf definition FIN
address-family ipv4
exit
!
interface Loopback0
description Management Loopback (in default space)
ip address 172.31.1.2 255.255.255.255
!
interface GigabitEthernet0/0/0
description WAN Link to IPv4 Core
ip address 172.16.2.2 255.255.255.252
negotiation auto
!
interface GigabitEthernet0/0/1
vrf forwarding TRANS
ip address 10.1.2.1 255.255.255.0
negotiation auto
!
interface GigabitEthernet0/0/2
vrf forwarding SOC
In this task, the topology is shown in the figure below and the configuration is from the “Configure Simple
LISP Shared Model Virtualization” task, but the commands are applicable to both LISP shared and parallel
model virtualization.
Figure 31: Simple LISP Site with Virtualized IPv4 and IPv6 EIDs and a Shared IPv4 Core
Note The following examples do not show every available command and every available output display. Refer
to the Cisco IOS LISP Command Reference for detailed explanations of each command.
SUMMARY STEPS
1. enable
2. show running-config | section router lisp
3. show [ip | ipv6] lisp
4. show [ip | ipv6] lisp map-cache
5. show [ip | ipv6] lisp database [eid-table vrf vrf-name]
6. show lisp site [name site-name]
7. lig {[self {ipv4 | ipv6}] | {hostname | destination-EID}
8. ping {hostname | destination-EID}
9. clear [ip | ipv6] lisp map-cache
DETAILED STEPS
Step 1 enable
Enables privileged EXEC mode. Enter your password if prompted.
Example:
Router> enable
Example:
Router# show running-config | section router lisp
router lisp
eid-table vrf PURPLE instance-id 101
database-mapping 192.168.1.0/24 10.0.0.2 priority 1 weight 1
database-mapping 2001:DB8:A:A::/64 10.0.0.2 priority 1 weight 1
eid-table vrf GOLD instance-id 102
database-mapping 192.168.1.0/24 10.0.0.2 priority 1 weight 1
database-mapping 2001:DB8:B:A::/64 10.0.0.2 priority 1 weight 1
exit
!
ipv4 itr map-resolver 10.0.2.2
ipv4 itr
ipv4 etr map-server 10.0.2.2 key Left-key
ipv4 etr
ipv6 itr map-resolver 10.0.2.2
ipv6 itr
ipv6 etr map-server 10.0.2.2 key Left-key
ipv6 etr
exit
Example:
The first example shows a summary of LISP operational status and IPv6 address family information by EID table:
Instance count: 2
Key: DB - Local EID Database entry count (@ - RLOC check pending
* - RLOC consistency problem),
DB no route - Local EID DB entries with no matching RIB route,
Cache - Remote EID mapping cache size, IID - Instance ID,
Role - Configured Role
Example:
The second example shows LISP operational status and IPv6 address family information for the VRF named PURPLE:
Example:
The third example shows LISP operational status and IPv6 address family information for the instance ID of 101:
Example:
The following example shows IPv6 mapping cache information based on a configuration when a simple LISP site is
configured with virtualized IPv4 and IPv6 EID prefixes and a shared IPv4 core. This example output assumes that a
map-cache entry has been received for another site with the IPv6 EID prefix 2001:db8:b:b::/64.
LISP IPv6 Mapping Cache for EID-table vrf GOLD (IID 102), 2 entries
Example:
The following example shows IPv6 mapping database information for the VRF named GOLD.
LISP ETR IPv6 Mapping Database for EID-table vrf GOLD (IID 102), LSBs: 0x1, 1 entries
EID-prefix: 2001:DB8:B:A::/64
10.0.0.2, priority: 1, weight: 1, state: site-self, reachable
Step 6 show lisp site [name site-name]
The show lisp site command is useful for quickly verifying the operational status of LISP sites, as configured on a map
server. This command only applies to a device configured as a map server. The following example output is based on a
configuration when a simple LISP site is configured with virtualized IPv4 and IPv6 EID prefixes and shows the information
for the instance ID of 101.
Example:
Router# show lisp site instance-id 101
Example:
This second example shows LISP site information for the IPv6 EID prefix of 2001:db8:a:a:/64 and instance ID of 101.
Example:
Router# lig instance-id 101 192.168.2.1
Mapping information for EID 192.168.2.1 from 10.0.1.2 with RTT 12 msecs
192.168.2.0/24, uptime: 00:00:00, expires: 23:59:52, via map-reply, complete
Locator Uptime State Pri/Wgt
10.0.1.2 00:00:00 up 1/1
Example:
This second example output shows information about the VRF named PURPLE:
Mapping information for EID 192.168.1.0 from 10.0.0.1 with RTT 20 msecs
192.168.1.0/24, uptime: 00:00:00, expires: 23:59:52, via map-reply, self
Locator Uptime State Pri/Wgt
10.0.0.1 00:00:00 up, self 1/1
Step 8 ping {hostname | destination-EID}
The ping command is useful for testing basic network connectivity and reachability and/or liveness of a destination EID
or RLOC address. When using ping it is important to be aware that because LISP uses an encapsulation, you should
always specify a source address; never allow the ping application to assign its own default source address. This is because
there are four possible ways to use ping, and without explicitly indicating the source address, the wrong one may be
used by the application leading to erroneous results that complicate operational verification or troubleshooting. The four
possible uses of ping include:
• RLOC-to-RLOC—Sends “echo ? packets out natively (no LISP encap) and receive the “echo-reply ? back
natively. This can be used to test the underlying network connectivity between locators of various devices, such
as xTR to Map-Server or Map-Resolver.
• EID-to-EID—Sends “echo ? packets out LISP-encaped and receive the “echo-reply ? back LISP-encaped. This
can be used to test the LISP data plane (encapsulation) between LISP sites.
• EID-to-RLOC—Sends “echo ? packets out natively (no LISP encap) and receive the "echo-reply" back LISP-encaped
through a PITR mechanism. This can be used to test the PITR infrastructure.
• RLOC-to-EID - Sends “echo ? packets out LISP-encaped and receive the “echo-reply ? back natively. This can
be used to test PETR capabilities.
The ping command is applicable to the IPv4 and IPv6 address families respectively, and can be used on any LISP device
in some manner. (The ability to do LISP encapsulation, for example, requires the device to be configured as an ITR or
PITR.)
The following example output from the ping command is based on a configuration when a simple LISP site is configured
with virtualized IPv4 and IPv6 EID prefixes. (Note that ping is not a LISP command and does not know about an EID
table or an instance ID. When virtualization is included, output limiters can only be specified by VRF.)
Example:
Router# ping vrf PURPLE 2001:DB8:a:b::1 source 2001:DB8:a:a::1 rep 100
Example:
Router# ping vrf GOLD
Example:
The following example displays IPv4 mapping cache information for instance ID 101, shows the command used to clear
the mapping cache for instance ID 101, and displays the show information after clearing the cache.
LISP IPv4 Mapping Cache for EID-table vrf PURPLE (IID 101), 2 entries
Additional References
Related Documents
Enterprise IPv6 Transitions Strategy Using the Cisco LISP Software Image Download Page
Locator/ID Separation Protocol
Cisco IOS LISP0 Virtual Interface, Application Note, Cisco LISP Software Image Download Page
Version 1.0
Standards
Standard Title
IANA Address Family Numbers http://www.iana.org/assignments/
address-family-numbers/address-family-numbers.xml
MIBs
RFCs
RFC Title
draft-ietf-lisp-22 Locator/ID Separation Protocol (LISP) http://
tools.ietf.org/html/draft-ietf-lisp-22
RFC Title
draft-ietf-lisp-alt-10 LISP Alternative Topology (LISP+ALT) http://
tools.ietf.org/html/draft-ietf-lisp-alt-10
Technical Assistance
Description Link
The Cisco Support and Documentation website http://www.cisco.com/cisco/web/support/index.html
provides online resources to download documentation,
software, and tools. Use these resources to install and
configure the software and to troubleshoot and resolve
technical issues with Cisco products and technologies.
Access to most tools on the Cisco Support and
Documentation website requires a Cisco.com user ID
and password.
The purpose of network virtualization, as shown in the figure below, is to create multiple, logically separated
topologies across one common physical infrastructure.
When considering the deployment of a virtualized network environment, take into account both the device
and the path level.
Because LISP considers virtualization of both EID and RLOC namespaces, two models of operation are
defined: shared model and parallel model. For completeness, the discussions below begin first with a review
of the default (non-virtualized) model of LISP, and then cover the details of shared and parallel models.
Figure 35: Default (Non-Virtualized) LISP Model (Resolves Both EID and RLOC Addresses in the Default (Global) Routing
Table.
As shown in the figure above, both EID and RLOC addresses are resolved in the default table. The mapping
system must also be reachable via the default table. This default model can be thought of as a single instantiation
of the parallel model of LISP virtualization where EID and RLOC addresses are within the same namespace
such as is the case in this default table.
Figure 36: LISP parallel model virtualization resolves an EID and associated RLOCs within the same or different VRF. In
this example, both EID and RLOC addresses are resolved in the same VRF, but multiple (parallel) segmentation is configured
on the same device (BLUE and PINK).
As shown in the figure above, EID space is virtualized through its association with VRFs, and these VRFs
are tied to LISP Instance IDs to segment the control plane and data plane in LISP. A common, “shared” locator
space, the default (global) table as shown in the figure above, is used to resolve RLOC addresses for all
virtualized EIDs. The mapping system must also be reachable via the common locator space as well.
The example illustrated in the figure above shows virtualized EID space associated with a VRF (and bound
to an Instance ID) being tied to locator space associated with the same VRF, in this case - Pink/Pink and
Blue/Blue. However, this is not required; the EID VRF does not need to match the RLOC VRF. In any case,
a mapping system must be reachable via the associated locator space. Multiple parallel instantiations can be
defined.
In the most general case, shared model and parallel model may be combined such that multiple EID VRFs
share a common RLOC VRF, and multiple instantiations of this architecture are implemented on the same
platform, as shown in the figure below.
Figure 37: LISP shared and parallel models may be combined for maximum flexibility.
As shown in the figure above, shared and parallel models are combined to associate several EID instances to
one shared RLOC VRF, and then several other EID instances to another shared RLOC VRF.
Figure 38: In the LISP parallel model multitenancy case, shared xTRs use virtualized core networks and mapping systems.
LISP instance IDs segment the LISP data plane and control plane.
VLAN-segmented to maintain RLOC space separation within the core. Two VRFs are defined here: BLUE
and GREEN. IPv4 RLOC space is used in each of these parallel networks. Both IPv4 and IPv6 EID address
space is used. The LISP site registers to one map server/map resolver (MS/MR), which is segmented to
maintain the parallel model architecture of the core network.
Figure 39: Simple LISP Site with One IPv4 RLOC and One IPv4 EID
The components illustrated in the topology shown in the figure above are described below:
• LISP site:
• The CPE functions as a LISP ITR and ETR (xTR).
• Both LISP xTRs have two VRFs: GOLD and PURPLE, with each VRF containing both IPv4 and
IPv6 EID-prefixes, as shown in the figure above. Note the overlapping prefixes, used for illustration
purposes. A LISP instance-id is used to maintain separation between two VRFs. Note that in this
example, the share key is configured “per-VPN. ?
• Each LISP xTR has a single RLOC connection to a parallel IPv4 core network.
Perform the steps in this task (once through for each xTR in the LISP site) to enable and configure LISP ITR
and ETR (xTR) functionality when using a LISP map-server and map-resolver for mapping services. The
example configurations at the end of this task show the full configuration for two xTRs (Left-xTR and
Right-xTR).
SUMMARY STEPS
1. configure terminal
2. router lisp lisp-instantiation-number
3. locator-table vrf rloc-vrf-name
4. eid-table vrfEID-vrf-name instance-id instance-id
5. database-mapping EID-prefix/prefix-length locator priority priority weight weight
6. Repeat Step 4 until all EID-to-RLOC mappings within this eid-table vrf and instance ID for this LISP site
are configured.
7. exit
8. ipv4 itr map-resolver map-resolver-address
9. ipv4 etr map-server map-server-address key key-type authentication-key
10. ipv4 itr
11. ipv4 etr
12. ipv6 itr map-resolver map-resolver-address
13. ipv6 etr map-server map-server-address key key-type authentication-key
14. ipv6 itr
15. ipv6 etr
16. exit
17. ip route vrf rloc-vrf-name ipv4-prefix next-hop
18. exit
DETAILED STEPS
Example:
Router# configure terminal
Step 2 router lisp lisp-instantiation-number Creates the specified LISP instantiation number and enters LISP
configuration mode ( software only). All subsequent LISP commands apply
Example: to that router LISP instantiation.
Router(config)# router lisp • In this example, the router LISP instantiation 1 is configured.
Step 3 locator-table vrf rloc-vrf-name Configures a router LISP instantiation to use the specified VRF as RLOC
space when encapsulating EIDs and sending control plane packets.
Example: • In this example, the RLOC VRF named BLUE is configured.
Router(config-router-lisp)#
locator-table vrf BLUE
Step 4 eid-table vrfEID-vrf-name instance-id Configures an association between a VRF table and a LISP instance ID,
instance-id and enters eid-table configuration submode.
Router(config-router-lisp)# eid-table
vrf PURPLE instance-id 101
Step 5 database-mapping EID-prefix/prefix-length Configures an EID-to-RLOC mapping relationship and its associated traffic
locator priority priority weight weight policy for this LISP site.
• In this example, a single IPv4 EID prefix, 192.168.1.0/24, within
Example: instance ID 1 at this site is associated with the local IPv4 RLOC
Router(config-router-lisp-eid-table)# 10.0.0.2.
database-mapping 192.168.1.0/24
10.0.0.2 priority 1 weight 1
Step 6 Repeat Step 4 until all EID-to-RLOC Configures an EID-to-RLOC mapping relationship and its associated traffic
mappings within this eid-table vrf and policy for this LISP site.
instance ID for this LISP site are configured.
• In this example, the IPv6 EID prefix, 2001:db8:a:a::/64, within instance
ID 1 at this site is also associated with the local IPv4 RLOC 10.0.0.2.
Example:
Router(config-router-lisp-eid-table)#
database-mapping 2001:db8:a:a::/64
10.0.0.2 priority 1 weight 1
Step 7 exit Exits eid-table configuration submode and returns to LISP configuration
mode.
Example:
Router(config-router-lisp-eid-table)#
exit
Step 8 ipv4 itr map-resolver map-resolver-address Configures a locator address for the LISP map resolver to which this router
will send map request messages for IPv4 EID-to-RLOC mapping resolutions.
Example: • In this example, the map resolver is specified within router lisp
Router(config-router-lisp)# ipv4 itr configuration mode.
map-resolver 10.0.2.2
• The locator address of the map resolver may be an IPv4 or IPv6
address. In this example, because each xTR has only IPv4 RLOC
connectivity, the map resolver is reachable using its IPv4 locator
address. (See the LISP Command Reference Guide for more details.)
Note The locator address of the map server may be an IPv4 or IPv6
address. In this example, because each xTR has only IPv4 RLOC
connectivity, the map-server is reachable using its IPv4 locator
addresses. (See the LISP Command Reference Guide for more
details.)
Step 10 ipv4 itr Enables LISP ITR functionality for the IPv4 address family.
Example:
Router(config-router-lisp)# ipv4 itr
Step 11 ipv4 etr Enables LISP ETR functionality for the IPv4 address family.
Example:
Router(config-router-lisp)# ipv4 etr
Step 12 ipv6 itr map-resolver map-resolver-address Configures a locator address for the LISP map resolver to which this router
will send map request messages for IPv6 EID-to-RLOC mapping resolutions.
Example: • In this example, the map resolver is specified within router lisp
Router(config-router-lisp)# ipv6 itr configuration mode.
map-resolver 10.0.2.2
• The locator address of the map resolver may be an IPv4 or IPv6
address. In this example, because each xTR has only IPv4 RLOC
connectivity, the map-resolver is reachable using its IPv4 locator
addresses. (See the LISP Command Reference Guide for more details.)
Example:
Router(config-router-lisp)# ipv6 itr
Step 15 ipv6 etr Enables LISP ETR functionality for the IPv6 address family.
Example:
Router(config-router-lisp)# ipv6 etr
Step 16 exit Exits LISP configuration mode and returns to global configuration mode.
Example:
Router(config-router-lisp)# exit
Step 17 ip route vrf rloc-vrf-name ipv4-prefix Configures a default route to the upstream next hop for all IPv4 destinations.
next-hop
• All IPv4 EID-sourced packets destined to both LISP and non-LISP
sites are forwarded in one of two ways:
Example:
• LISP-encapsulated to a LISP site when traffic is LISP-to-LISP
Router(config)# ip route vrf BLUE
0.0.0.0 0.0.0.0 10.0.0.1 • natively forwarded when traffic is LISP-to-non-LISP
In this configuration example, because the xTR has IPv4 RLOC connectivity,
a default route to the upstream SP is used for all IPv4 packets to support
LISP processing.
Example:
Router(config)# exit
Example:
The examples below show the complete configuration for the LISP topology illustrated in the figure above
and in this task. On the xTRs, the VRFs and EID prefixes are assumed to be attached to VLANs configured
on the devices.
Example configuration for the Left xTR:
hostname Left-xTR
!
ipv6 unicast-routing
!
vrf definition PURPLE
address-family ipv4
exit
address-family ipv6
exit
!
vrf definition GOLD
address-family ipv4
exit
address-family ipv6
exit
!
interface Ethernet0/0
ip address 10.0.0.2 255.255.255.0
!
interface Ethernet1/0.1
encapsulation dot1q 101
vrf forwarding PURPLE
ip address 192.168.1.1 255.255.255.0
ipv6 address 2001:DB8:A:A::1/64
!
interface Ethernet1/0.2
encapsulation dot1q 102
vrf forwarding GOLD
ip address 192.168.1.1 255.255.255.0
ipv6 address 2001:DB8:B:A::1/64
!
router lisp
eid-table vrf PURPLE instance-id 101
database-mapping 192.168.1.0/24 10.0.0.2 priority 1 weight 1
database-mapping 2001:DB8:A:A::/64 10.0.0.2 priority 1 weight 1
eid-table vrf GOLD instance-id 102
database-mapping 192.168.1.0/24 10.0.0.2 priority 1 weight 1
database-mapping 2001:DB8:B:A::/64 10.0.0.2 priority 1 weight 1
exit
!
ipv4 itr map-resolver 10.0.2.2
ipv4 itr
ipv4 etr map-server 10.0.2.2 key Left-key
ipv4 etr
ipv6 itr map-resolver 10.0.2.2
ipv6 itr
ipv6 etr map-server 10.0.2.2 key Left-key
ipv6 etr
exit
!
ip route 0.0.0.0 0.0.0.0 10.0.0.1
!
Example configuration for Right xTR:
hostname Right-xTR
!
ipv6 unicast-routing
!
vrf definition PURPLE
address-family ipv4
exit
address-family ipv6
exit
!
vrf definition GOLD
address-family ipv4
exit
address-family ipv6
exit
!
interface Ethernet0/0
ip address 10.0.1.2 255.255.255.0
!
interface Ethernet1/0.1
encapsulation dot1q 101
vrf forwarding PURPLE
ip address 192.168.2.1 255.255.255.0
ipv6 address 2001:DB8:A:B::1/64
!
interface Ethernet1/0.2
encapsulation dot1q 102
vrf forwarding GOLD
ip address 192.168.2.1 255.255.255.0
ipv6 address 2001:DB8:B:B::1/64
!
router lisp
eid-table vrf PURPLE instance-id 101
database-mapping 192.168.2.0/24 10.0.1.2 priority 1 weight 1
database-mapping 2001:DB8:A:B::/64 10.0.1.2 priority 1 weight 1
eid-table vrf GOLD instance-id 102
database-mapping 192.168.2.0/24 10.0.1.2 priority 1 weight 1
database-mapping 2001:DB8:B:B::/64 10.0.1.2 priority 1 weight 1
exit
!
ipv4 itr map-resolver 10.0.2.2
ipv4 itr
ipv4 etr map-server 10.0.2.2 key Right-key
ipv4 etr
ipv6 itr map-resolver 10.0.2.2
ipv6 itr
ipv6 etr map-server 10.0.2.2 key Right-key
ipv6 etr
exit
!
ip route 0.0.0.0 0.0.0.0 10.0.1.1
!
Configuring a Private LISP Mapping System for LISP Parallel Model Virtualization
Perform this task to configure and enable standalone LISP map server/map resolver functionality for LISP
parallel model virtualization. In this task, a Cisco router is configured as a standalone map resolver/map server
(MR/MS) for a private LISP mapping system. Because the MR/MS is configured as a stand-alone device, it
has no need for LISP alternate logical topology (ALT) connectivity. All relevant LISP sites must be configured
to register with this map server so that this map server has full knowledge of all registered EID prefixes within
the (assumed) private LISP system.
• Mapping system:
Figure 40: Simple LISP Site with One IPv4 RLOC and One IPv4 EID
• One map resolver/map server (MS/MR) system is shown in the figure above and assumed available
for the LISP xTR to register to within the proper parallel RLOC space. The MS/MR has an IPv4
RLOC address of 10.0.2.2, within each VLAN/VRF (Green and Blue) providing parallel model
RLOX separation in the IPv4 core.
• The map server site configurations are virtualized using LISP instance IDs to maintain separation
between the two VRFs, PURPLE and GOLD.
Repeat this task for all router lisp instantiations and RLOC VRFs.
SUMMARY STEPS
1. enable
2. configure terminal
3. router lisp lisp-instantiation-number
4. locator-table vrf rloc-vrf-name
5. site site-name
6. authentication-key [key-type] authentication-key
7. eid-prefix instance-id instance-id EID-prefix
8. eid-prefix instance-id instance-id EID-prefix
9. exit
10. ipv4 map-resolver
11. ipv4 map-server
12. ipv6 map-resolver
13. ipv6 map-server
14. exit
15. ip route vrf rloc-vrf-name ipv4-prefix next-hop
16. exit
DETAILED STEPS
Example:
Router# configure terminal
Step 3 router lisp lisp-instantiation-number Creates the specified LISP instantiation number and enters LISP
configuration mode ( software only). All subsequent LISP commands
Example: apply to that router LISP instantiation.
Router(config)# router lisp • In this example, the router LISP instantiation 1 is configured.
Step 4 locator-table vrf rloc-vrf-name Configures a router lisp instantiation to use the specified VRF as
RLOC space when encapsulating EIDs and sending control plane
Example: packets.
Router(config)# locator-table vrf BLUE • In this example, the RLOC VRF BLUE is configured.
Step 6 authentication-key [key-type] Configures the password used to create the SHA-2 HMAC hash for
authentication-key authenticating the map register messages sent by an ETR when
registering to the map server.
Example: Note The ETR must be configured with EID prefixes and instance
Router(config-router-lisp-site)# IDs matching the one(s) configured on this map server, as
authentication-key 0 Purple-key well as an identical authentication key.
Step 7 eid-prefix instance-id instance-id EID-prefix Configures an EID prefix and instance ID that are allowed in a map
register message sent by an ETR when registering to this map server.
Example: Repeat this step as necessary to configure additional IPv4 EID prefixes
under this LISP site.
Router(config-router-lisp-site)#
eid-prefix instance-id 101 • In this example, the IPv4 EID prefix 192.168.1.0/24 and instance
192.168.1.0/24
ID 101 are associated together.
Step 8 eid-prefix instance-id instance-id EID-prefix Configures an EID prefix and instance ID that are allowed in a map
register message sent by an ETR when registering to this map server.
Example: Repeat this step as necessary to configure additional IPv6 EID prefixes
under this LISP site.
Router(config-router-lisp-site)#
eid-prefix instance-id 101 • In this example, the IPv6 EID prefix 2001:db8:a:a::/64 and
2001:db8:a:a::/64
instance ID 101 are associated together.
Step 9 exit Exits LISP site configuration mode and returns to LISP configuration
mode.
Example:
Router(config-router-lisp-site)# exit
Step 10 ipv4 map-resolver Enables LISP map resolver functionality for EIDs in the IPv4 address
family within this router lisp instantiation.
Example:
Router(config-router-lisp)# ipv4
map-resolver
Step 11 ipv4 map-server Enables LISP map server functionality for EIDs in the IPv4 address
family within this router lisp instantiation.
Example:
Router(config-router-lisp)# ipv4
map-server
Step 13 ipv6 map-server Enables LISP map server functionality for EIDs in the IPv6 address
family within this router lisp instantiation.
Example:
Router(config-router-lisp)# ipv6
map-server
Step 14 exit Exits LISP configuration mode and returns to global configuration
mode.
Example:
Router(config-router-lisp)# exit
Step 15 ip route vrf rloc-vrf-name ipv4-prefix next-hop Configures a default route to the upstream next hop for all IPv4
destinations, reachable within the specified RLOC VRF.
Example:
Router(config)# ip route vrf BLUE
0.0.0.0 0.0.0.0 10.0.2.1
Step 16 exit Exits global configuration mode and returns to privileged EXEC
mode.
Example:
Router(config)# exit
Example:
Example configuration for the map server/map resolver.
hostname MSMR
!
vrf definition BLUE
address-family ipv4
exit
!
vrf definition GREEN
address-family ipv4
exit
!
ipv6 unicast-routing
!
interface Ethernet0/0.101
encapsulation dot1Q 101
vrf forwarding BLUE
ip address 10.0.0.2 255.255.255.0
!
interface Ethernet0/0.102
In this task, the topology is shown in the figure below and the configuration is from the “Configure Simple
LISP Shared Model Virtualization” task, but the commands are applicable to both LISP shared and parallel
model virtualization.
Figure 41: Simple LISP Site with Virtualized IPv4 and IPv6 EIDs and a Shared IPv4 Core
Note The following examples do not show every available command and every available output display. Refer
to the Cisco IOS LISP Command Reference for detailed explanations of each command.
SUMMARY STEPS
1. enable
2. show running-config | section router lisp
3. show [ip | ipv6] lisp
4. show [ip | ipv6] lisp map-cache
5. show [ip | ipv6] lisp database [eid-table vrf vrf-name]
6. show lisp site [name site-name]
7. lig {[self {ipv4 | ipv6}] | {hostname | destination-EID}
8. ping {hostname | destination-EID}
9. clear [ip | ipv6] lisp map-cache
DETAILED STEPS
Step 1 enable
Enables privileged EXEC mode. Enter your password if prompted.
Example:
Router> enable
Example:
Router# show running-config | section router lisp
router lisp
eid-table vrf PURPLE instance-id 101
database-mapping 192.168.1.0/24 10.0.0.2 priority 1 weight 1
database-mapping 2001:DB8:A:A::/64 10.0.0.2 priority 1 weight 1
eid-table vrf GOLD instance-id 102
database-mapping 192.168.1.0/24 10.0.0.2 priority 1 weight 1
database-mapping 2001:DB8:B:A::/64 10.0.0.2 priority 1 weight 1
exit
!
ipv4 itr map-resolver 10.0.2.2
ipv4 itr
ipv4 etr map-server 10.0.2.2 key Left-key
ipv4 etr
ipv6 itr map-resolver 10.0.2.2
ipv6 itr
ipv6 etr map-server 10.0.2.2 key Left-key
ipv6 etr
exit
Example:
The first example shows a summary of LISP operational status and IPv6 address family information by EID table:
Instance count: 2
Key: DB - Local EID Database entry count (@ - RLOC check pending
* - RLOC consistency problem),
DB no route - Local EID DB entries with no matching RIB route,
Cache - Remote EID mapping cache size, IID - Instance ID,
Role - Configured Role
Example:
The second example shows LISP operational status and IPv6 address family information for the VRF named PURPLE:
Example:
The third example shows LISP operational status and IPv6 address family information for the instance ID of 101:
Example:
The following example shows IPv6 mapping cache information based on a configuration when a simple LISP site is
configured with virtualized IPv4 and IPv6 EID prefixes and a shared IPv4 core. This example output assumes that a
map-cache entry has been received for another site with the IPv6 EID prefix 2001:db8:b:b::/64.
LISP IPv6 Mapping Cache for EID-table vrf GOLD (IID 102), 2 entries
Example:
The following example shows IPv6 mapping database information for the VRF named GOLD.
LISP ETR IPv6 Mapping Database for EID-table vrf GOLD (IID 102), LSBs: 0x1, 1 entries
EID-prefix: 2001:DB8:B:A::/64
10.0.0.2, priority: 1, weight: 1, state: site-self, reachable
Step 6 show lisp site [name site-name]
The show lisp site command is useful for quickly verifying the operational status of LISP sites, as configured on a map
server. This command only applies to a device configured as a map server. The following example output is based on a
configuration when a simple LISP site is configured with virtualized IPv4 and IPv6 EID prefixes and shows the information
for the instance ID of 101.
Example:
Router# show lisp site instance-id 101
Example:
This second example shows LISP site information for the IPv6 EID prefix of 2001:db8:a:a:/64 and instance ID of 101.
Example:
Router# lig instance-id 101 192.168.2.1
Mapping information for EID 192.168.2.1 from 10.0.1.2 with RTT 12 msecs
192.168.2.0/24, uptime: 00:00:00, expires: 23:59:52, via map-reply, complete
Locator Uptime State Pri/Wgt
10.0.1.2 00:00:00 up 1/1
Example:
This second example output shows information about the VRF named PURPLE:
Mapping information for EID 192.168.1.0 from 10.0.0.1 with RTT 20 msecs
192.168.1.0/24, uptime: 00:00:00, expires: 23:59:52, via map-reply, self
Locator Uptime State Pri/Wgt
10.0.0.1 00:00:00 up, self 1/1
Step 8 ping {hostname | destination-EID}
The ping command is useful for testing basic network connectivity and reachability and/or liveness of a destination EID
or RLOC address. When using ping it is important to be aware that because LISP uses an encapsulation, you should
always specify a source address; never allow the ping application to assign its own default source address. This is because
there are four possible ways to use ping, and without explicitly indicating the source address, the wrong one may be
used by the application leading to erroneous results that complicate operational verification or troubleshooting. The four
possible uses of ping include:
• RLOC-to-RLOC—Sends “echo ? packets out natively (no LISP encap) and receive the “echo-reply ? back
natively. This can be used to test the underlying network connectivity between locators of various devices, such
as xTR to Map-Server or Map-Resolver.
• EID-to-EID—Sends “echo ? packets out LISP-encaped and receive the “echo-reply ? back LISP-encaped. This
can be used to test the LISP data plane (encapsulation) between LISP sites.
• EID-to-RLOC—Sends “echo ? packets out natively (no LISP encap) and receive the "echo-reply" back LISP-encaped
through a PITR mechanism. This can be used to test the PITR infrastructure.
• RLOC-to-EID - Sends “echo ? packets out LISP-encaped and receive the “echo-reply ? back natively. This can
be used to test PETR capabilities.
The ping command is applicable to the IPv4 and IPv6 address families respectively, and can be used on any LISP device
in some manner. (The ability to do LISP encapsulation, for example, requires the device to be configured as an ITR or
PITR.)
The following example output from the ping command is based on a configuration when a simple LISP site is configured
with virtualized IPv4 and IPv6 EID prefixes. (Note that ping is not a LISP command and does not know about an EID
table or an instance ID. When virtualization is included, output limiters can only be specified by VRF.)
Example:
Router# ping vrf PURPLE 2001:DB8:a:b::1 source 2001:DB8:a:a::1 rep 100
Example:
Router# ping vrf GOLD
Example:
The following example displays IPv4 mapping cache information for instance ID 101, shows the command used to clear
the mapping cache for instance ID 101, and displays the show information after clearing the cache.
LISP IPv4 Mapping Cache for EID-table vrf PURPLE (IID 101), 2 entries
Additional References
Related Documents
Enterprise IPv6 Transitions Strategy Using the Cisco LISP Software Image Download Page
Locator/ID Separation Protocol
Cisco IOS LISP0 Virtual Interface, Application Note, Cisco LISP Software Image Download Page
Version 1.0
Standards
Standard Title
IANA Address Family Numbers http://www.iana.org/assignments/
address-family-numbers/address-family-numbers.xml
MIBs
RFCs
RFC Title
draft-ietf-lisp-22 Locator/ID Separation Protocol (LISP) http://
tools.ietf.org/html/draft-ietf-lisp-22
RFC Title
draft-ietf-lisp-alt-10 LISP Alternative Topology (LISP+ALT) http://
tools.ietf.org/html/draft-ietf-lisp-alt-10
Technical Assistance
Description Link
The Cisco Support and Documentation website http://www.cisco.com/cisco/web/support/index.html
provides online resources to download documentation,
software, and tools. Use these resources to install and
configure the software and to troubleshoot and resolve
technical issues with Cisco products and technologies.
Access to most tools on the Cisco Support and
Documentation website requires a Cisco.com user ID
and password.
Multiple Layer 3 hops can exist between the FHR and the site gateway xTR when deploying the LISP ESM
Multihop Mobility feature. You can insert non-LISP devices like firewalls and load-balancers into the data
center.
Note LISP supports silent host moves from the 15.4(1)T release.
Note LISP supports redistributing host routes for servers discovered by LISP into Interior Gateway Protocol
(IGP) via Open Shortest Path First (OSPF) protocol/ Intermediate System-to-Intermediate System (IS-IS)
protocol/ Routing Information Protocol (RIP)/ Border Gateway Protocol (BGP).
Perform the tasks shown below to configure LISP ESM multihop mobility on a Locator ID/Separation Protocol
(LISP) site with three IPv4 routing locators (RLOCs). In these tasks, a LISP site uses a single edge router
configured as both an ITR and an ETR (known as an xTR) with two connections to the upstream provider.
Both the RLOCs and the endpoint identifier (EID) prefix are IPv4. The LISP site registers to a map resolver
map server (MRMS) device in the network core. The topology used in this LISP configuration is shown in
the figure below.
The components illustrated in the topology shown in the above figure are described below:
LISP Site
• The customer premises equipment (CPE) functions as a LISP ITR and ETR (xTR).
• The LISP xTR is authoritative for the IPv4 EID prefix of 10.1.0.0/16.
• The LISP xTR has two RLOC connections to the core. The RLOC connection to xTR-1 is 172.18.3.3;
the RLOC connection to xTR-2 is 172.19.4.4.
Mapping System
• An MRMS system is assumed to be available for the LISP xTRs to configure. The MRMS has IPv4
RLOCs 10.1.1.0 and 10.1.1.9.
• Mapping services are assumed to be provided as part of this LISP solution via a private mapping system
or as a public LISP mapping system.
1. enable
2. configure terminal
3. router lisp
4. locator-set locator-set-name
5. ipv4-address priority priority-locator weight locator-weight
6. Repeat Step 5 to configure another locator entry.
7. exit
8. eid-table default instance-id id
9. dynamic-eid dynamic-eid-name
10. database-mapping dynamic-eid-prefix/prefix-length locator-set name
11. eid-notify ipv4-address key password
12. map-notify-group ipv4-group-address
13. exit
14. exit
15. exit
16. interface type number
17. lisp mobility dynamic-eid-name
18. lisp extended-subnet-mode
19. ip address ip-address mask
20. standby group-number ip virtual-ip-address
21. end
DETAILED STEPS
Example:
Device# configure terminal
Example:
Device(config)# router lisp
Step 4 locator-set locator-set-name Specifies a locator set and enters LISP locator-set
configuration mode.
Example:
Device(config-router-lisp)# locator-set WestDC
Step 5 ipv4-address priority priority-locator weight Configures the LISP locator set. The LISP locator set is
locator-weight the set of addresses that the first-hop router (FHR) uses
while communicating with the gateway xTR. You can
Example: configure each locator address by creating a locator entry
Device(config-router-lisp-locator-set)# 172.16.1.2 with an assigned priority and weight.
priority 10 weight 50
Step 8 eid-table default instance-id id Configures an association between the default virtual
routing and forwarding (VRF) table and a LISP instance
Example: ID, and enters EID table configuration mode.
Device(config-router-lisp)# eid-table default
instance-id 0
Step 12 map-notify-group ipv4-group-address Specifies the IPv4 multicast group address used for
sending and receiving site-based map-notify multicast
Example: messages.
Device(config-router-lisp-eid-table-dynamic-eid)#
map-notify-group 224.0.0.0
Step 13 exit Exits dynamic EID configuration mode and returns to EID
table configuration mode.
Example:
Device(config-router-lisp-eid-table-dynamic-eid)#
exit
Step 14 exit Exits EID table configuration mode and returns to LISP
configuration mode.
Example:
Device(config-router-lisp-eid-table)# exit
Step 16 interface type number Specifies the interface type and number and enters
interface configuration mode.
Example:
Device(config)# interface Vlan 11
Step 17 lisp mobility dynamic-eid-name Allows EID mobility on the interface and specifies the
name of the dynamic EID.
Example:
Device(config-if)# lisp mobility VMs
Example:
Device(config-if)# lisp extended-subnet-mode
Step 19 ip address ip-address mask Configures an IPv4 address for a specific interface.
Example:
Device(config-if)# ip address 10.1.1.2
255.255.255.0
Example:
Device(config-if)# end
1. enable
2. configure terminal
3. router lisp
4. locator-set locator-set-name
5. ipv4-address priority priority-locator weight locator-weight
6. exit
7. eid-table default instance-id id
8. database-mapping dynamic-eid-prefix/prefix-length locator-set name
9. dynamic-eid dynamic-eid-name
10. database-mapping dynamic-eid-prefix/prefix-length locator-set name
11. eid-notify authentication-key password
12. exit
13. exit
14. ipv4 itr map-resolver map-resolver-address
15. ipv4 itr
16. ipv4 etr map-server map-server-address key authentication-key
17. ipv4 etr
18. exit
19. interface type number
20. ip address ip-address mask
21. lisp mobility dynamic-eid-name
22. lisp extended-subnet-mode
23. end
DETAILED STEPS
Example:
Device# configure terminal
Example:
Device(config)# router lisp
Step 4 locator-set locator-set-name Specifies a locator set and enters LISP locator-set
configuration mode.
Example:
Device(config-router-lisp)# locator-set WestDC
Step 5 ipv4-address priority priority-locator weight Configures the LISP locator set. The LISP locator set is
locator-weight the set of addresses used by the gateway xTR while
encapsulating/decapsulating LISP traffic from and to the
Example: endpoint identifier (EID).
Device(config-router-lisp-locator-set)# 172.18.3.3
priority 10 weight 50
Step 7 eid-table default instance-id id Configures an association between the default virtual
routing and forwarding (VRF) table and a LISP instance
Example: ID, and enters EID table configuration mode.
Device(config-router-lisp)# eid-table default
instance-id 0
Example:
Device(config-router-lisp-eid-table-dynamic-eid)#
database-mapping 10.1.1.0/24 locator-set WestDC
Step 11 eid-notify authentication-key password Specifies the authentication key to validate the EID-notify
sent from a first-hop router (FHR).
Example:
Device(config-router-lisp-eid-table-dynamic-eid)#
eid-notify authentication-key k
Step 12 exit Exits dynamic EID configuration mode and returns to EID
table configuration mode.
Example:
Device(config-router-lisp-eid-table-dynamic-eid)#
exit
Step 13 exit Exits EID table configuration mode and returns to LISP
configuration mode.
Example:
Device(config-router-lisp-eid-table)# exit
Step 14 ipv4 itr map-resolver map-resolver-address Configures a locator address for the LISP map resolver to
which this device will send map request messages for IPv4
Example: EID-to-RLOC mapping resolutions.
Device(config-router-lisp)# ipv4 itr map-resolver
172.20.5.5 • The locator address of the map resolver may be an
IPv4 or IPv6 address.
Step 16 ipv4 etr map-server map-server-address key Configures the IPv4 or IPv6 locator address of the LISP
authentication-key map server to be used by the egress tunnel router (ETR)
when registering IPv4 endpoint identifiers (EIDs).
Example:
Device(config-router-lisp)# ipv4 etr map-server
172.20.5.5 key mskey
Step 19 interface type number Specifies the interface type and number and enters
interface configuration mode.
Example:
Device(config)# interface FastEthernet 1/4
Step 20 ip address ip-address mask Configures an IPv4 address for the interface.
Example:
Device(config-if)# ip address 192.0.2.21
255.255.255.0
Step 21 lisp mobility dynamic-eid-name Allows EID mobility on the interface and specifies the
name of the dynamic EID.
Example:
Device(config-if)# lisp mobility VMs
Example:
Device(config-if)# lisp extended-subnet-mode
Example:
Device(config-if)# end
Configuring xTR
SUMMARY STEPS
1. enable
2. configure terminal
3. router lisp
4. locator-set locator-set-name
5. ipv4-address priority priority-locator weight locator-weight
6. Repeat Step 5 to configure another locator entry.
7. exit
8. eid-table default instance-id id
9. database-mapping dynamic-eid-prefix/prefix-length locator-set name
10. exit
11. ipv4 itr map-resolver map-resolver-address
12. ipv4 itr
13. ipv4 etr map-server map-server-address key authentication-key
14. ipv4 etr
15. end
DETAILED STEPS
Example:
Device# configure terminal
Example:
Device(config)# router lisp
Step 4 locator-set locator-set-name Specifies a locator set and enters LISP locator-set configuration
mode.
Example:
Device(config-router-lisp)# locator-set
Site3RLOCS
Step 5 ipv4-address priority priority-locator weight Configures the LISP locator set. The LISP locator set is the set
locator-weight of addresses used by the gateway xTR while
Step 7 exit Exits LISP locator set configuration mode and returns to LISP
configuration mode.
Example:
Device(config-router-lisp-locator-set)#
exit
Step 8 eid-table default instance-id id Configures an association between the default VRF table and a
LISP instance ID, and enters EID table configuration mode.
Example:
Device(config-router-lisp)# eid-table
default instance-id 0
Step 11 ipv4 itr map-resolver map-resolver-address Configures a locator address for the LISP map resolver to which
this router will send map request messages for IPv4
Example: EID-to-RLOC mapping resolutions.
Device(config-router-lisp)# ipv4 itr
map-resolver 172.20.5.5 • The locator address of the map resolver may be an IPv4 or
IPv6 address.
Example:
Device(config-router-lisp)# ipv4 itr
Step 14 ipv4 etr Enables LISP ETR functionality for an IPv4 address family.
Example:
Device(config-router-lisp)# ipv4 etr
Example:
Device(config-if)# end
1. enable
2. configure terminal
3. router lisp
4. site site-name
5. authentication-key password
6. eid-prefix eid-prefix accept-more-specifics
7. exit
8. Repeat Step 4 to Step 7 to configure another LISP site.
9. ipv4 map-server
10. ipv4 map-resolver
11. end
DETAILED STEPS
Example:
Device# configure terminal
Step 4 site site-name Configures a LISP site and enters LISP site configuration mode
on a LISP map server.
Example:
Device(config-router-lisp)# site EastWestDC
Step 5 authentication-key password Configures the password used to create the Hash-based Message
Authentication Code (HMAC) Secure Hash Algorithm (SHA-1)
Example: hash for authenticating the map-register message sent by an
Device(config-router-lisp-site)# egress tunnel router (ETR) when registering with the map server.
authentication-key k
Step 6 eid-prefix eid-prefix accept-more-specifics Configures a list of endpoint identifier (EID) prefixes that are
allowed in a map-register message sent by an ETR when
Example: registering with the map server. Specifies that any EID prefix
Device(config-router-lisp-site)# eid-prefix that is more specific than the EID prefix configured is accepted
10.1.0.0/16 accept-more-specifics and tracked.
Step 7 exit Exits LISP site configuration mode and returns to LISP
configuration mode.
Example:
Device(config-router-lisp-site)# exit
Example:
Device(config-router-lisp)# ipv4 map-server
Step 10 ipv4 map-resolver Configures a device to act as an IPv4 LISP map resolver.
Example:
Device(config-router-lisp)# ipv4
map-resolver
Step 11 end Exits LISP configuration mode and returns to privileged EXEC
mode.
Example:
Device(config-router-lisp)# end
The examples below show the complete configuration for the LISP topology illustrated in the figure above.
Technical Assistance
Description Link
The Cisco Support and Documentation website http://www.cisco.com/cisco/web/support/index.html
provides online resources to download documentation,
software, and tools. Use these resources to install and
configure the software and to troubleshoot and resolve
technical issues with Cisco products and technologies.
Access to most tools on the Cisco Support and
Documentation website requires a Cisco.com user ID
and password.
When some sites within a network connect to one routing domain and other sites connect to another routing
domain, a gateway function must be provided to facilitate connectivity between these disjointed routing
domains. In traditional routing architectures, providing connectivity between disjointed routing domains can
be quite complex.
The inherent property of Locator/ID Separation Protocol (LISP), which separates IP addresses into two
namespaces, endpoint identifiers (EIDs) and routing locators (RLOCs), also gives it the ability to connect
disjointed RLOC domains. The LISP Support for Disjoint RLOC Domains feature provides simplified
configuration mechanisms that enable this capability. The key components are new control plane configuration
options on the LISP map server, and a functionality called re-encapsulating tunnel router (RTR), which
provides data plane connectivity between disjointed locator spaces.
destination EID information. When a map server receives a Map-Request message, it compares the RLOCs
associated with the source EID and destination EID contained with the Map-Request message against the
configured locator scopes.
• If the ingress tunnel router (ITR) (source EID) and egress tunnel router (ETR) (destination EID) share
at least one RLOC in a common locator scope, the map server forwards the Map-Request message to
the ETR as normal. In this case, the ETR is capable of generating a Map-Reply message that is sent back
to the ITR since it has reachability across (at least one) common locator space.
• If the ITR (source EID) and ETR (destination EID) do not share at least one RLOC in a common locator
scope, the map server sends a proxy Map-Reply message to the ITR that includes a list of RTRs that are
capable of connecting the disjointed locator space between the ITR and ETR.
• If the RLOCs associated with the ITR (source EID) and ETR (destination EID) do not match any
configured locator scopes, the map server forwards the Map-Request message to the ETR as normal. In
this case, the RLOCs are assumed to be reachable via routing, even though they are not defined in any
locator scope configuration.
LISP data plane packets flow directly between sites when the sites share locator space. An RTR is used to
connect LISP data plane packets when locator spaces between the sites are disjointed.
LISP RTR
A re-encapsulating tunnel router (RTR) provides data plane communications support for LISP-to-LISP traffic
between LISP sites that do not share common locator space. Functionally, an RTR takes in LISP encapsulated
packets from an ITR in one locator scope, decapsulates them, does a map-cache lookup, and then re-encapsulates
them to an ETR in another locator scope. The following are important considerations for an RTR:
• The RTR itself must have RLOCs in all locator scopes that are being joined.
• An RTR sends Map-Request messages to populate its own map cache. As a Map-Request message
contains an ITR RLOC field that is populated with one or more entries corresponding to the locators of
the device sending the Map-Request message, the RTR in this case, the locator set configuration is also
required on the RTR to define its locators. This enables the map server to correctly receive Map-Requests
from the RTR to assess locator scope connectivity.
• An RTR performs functions similar to a proxy ingress tunnel router (PITR) and proxy egress tunnel
router (PETR), therefore these features must be enabled on the RTR.
Referring to Figure 1, the tasks below illustrate the configuration steps required to provide Locator/ID
Separation Protocol (LISP) Disjoint Routing Locator (RLOC) support for cross address-family (IPv4/IPv6)
connectivity.
• Ingress/Egress tunnel router (xTR) represents the LISP Site router. In Figure 1, xTR4 only has RLOC
connectivity to the IPv4 Internet, and xTR6 only has RLOC connectivity to the IPv6 Internet.
• Map server map resolver (MSMR) represents the MSMR supporting the LISP control plane.
• Re-encapsulating tunnel router (RTR) represents the LISP data plane device that joins locator scopes.
Configuring xTR
SUMMARY STEPS
1. enable
2. configure terminal
3. interface type number
4. ip address ip-address mask
5. ipv6 address ipv6-address/ipv6-prefix
6. interface type number
7. ip address ip-address mask
8. router lisp
9. locator-set locator-set-name
10. ipv4-address priority priority-locator weight locator-weight
11. ipv6-address priority priority-locator weight locator-weight
12. exit
13. eid-table default instance-id id
14. database-mapping dynamic-eid-prefix/prefix-length locator-set name
15. database-mapping dynamic-eid-prefix/prefix-length locator-set name
16. exit
17. ipv4 itr map-resolver map-resolver-address
18. ipv4 itr
19. ipv4 etr map-server map-server-address key authentication-key
20. ipv4 etr
21. ipv6 itr map-resolver map-resolver-address
22. ipv6 itr
23. ipv6 etr map-server map-server-address key authentication-key
24. ipv6 etr
25. exit
26. ip route prefix mask ip-address
27. end
DETAILED STEPS
Example:
Device# configure terminal
Step 3 interface type number Specifies the interface type and number and enters interface
configuration mode.
Example:
Device(config)# interface loopback0
Step 4 ip address ip-address mask Configures an IPv4 address for the interface.
Example:
Device(config-if)# ip address 10.10.10.4
255.255.255.0
Step 5 ipv6 address ipv6-address/ipv6-prefix Configures an IPv6 address for the interface.
Example:
Device(config-if)# ipv6 address
2001:DB8:0:ABCD::1/64
Step 6 interface type number Specifies the interface type and number and enters interface
configuration mode.
Example:
Device(config)# interface ethernet0/0
Step 7 ip address ip-address mask Configures an IPv4 address for the interface.
Example:
Device(config-if)# ip address 10.0.4.1
255.255.255.252
Example:
Device(config-if)# router lisp
Step 9 locator-set locator-set-name Specifies a locator set and enters LISP locator set configuration
mode.
Example:
Device(config-router-lisp)# locator-set R4
Step 10 ipv4-address priority priority-locator weight Configures the LISP locator set. The LISP locator set is the
locator-weight set of addresses the first-hop router uses when communicating
with the gateway xTR. You can configure each IPv4 locator
Step 11 ipv6-address priority priority-locator weight Configures the LISP locator set. The LISP locator set is the
locator-weight set of addresses the first-hop router uses when communicating
with the gateway xTR. You can configure each IPv6 locator
Example: address by creating a locator entry with assigned priority and
Device(config-router-lisp-locator-set)# weight.
2001:DB8:4::2 priority 1 weight 1
Step 12 exit Exits LISP locator set configuration mode and returns to LISP
configuration mode.
Example:
Device(config-router-lisp-locator-set)# exit
Step 13 eid-table default instance-id id Configures an association between the default (global) routing
table and a LISP instance ID, and enters EID table
Example: configuration mode.
Device(config-router-lisp)# eid-table default
instance-id 0
Step 16 exit Exits EID table configuration mode and returns to LISP
configuration mode.
Example:
Device(config-router-lisp-eid-table)# exit
Step 17 ipv4 itr map-resolver map-resolver-address Configures a locator address for the LISP map resolver to
which this device will send Map-Request messages for IPv4
Example: endpoint identifier-to-routing locator (EID-to-RLOC) mapping
Device(config-router-lisp)# ipv4 itr resolutions.
map-resolver 10.0.2.1
• The locator address of the map resolver may be an IPv4
or IPv6 address.
Step 19 ipv4 etr map-server map-server-address key Configures the IPv4 locator address of the LISP map server to
authentication-key be used by the egress tunnel router (ETR) when registering
itself for IPv4 endpoint identifiers (EIDs).
Example:
Device(config-router-lisp)# ipv4 etr
map-server 10.0.2.1 key R4KEY
Step 20 ipv4 etr Enables LISP ETR functionality for an IPv4 address family.
Example:
Device(config-router-lisp)# ipv4 etr
Step 21 ipv6 itr map-resolver map-resolver-address Configures a locator address for the LISP map resolver to
which this router will send Map-Request messages for IPv6
Example: EID-to-RLOC mapping resolutions.
Device(config-router-lisp)# ipv6 itr
map-resolver 10.0.2.1 • The locator address of the map resolver may be an IPv4
or IPv6 address.
Example:
Device(config-router-lisp)# ipv6 itr
Step 23 ipv6 etr map-server map-server-address key Configures the IPv6 locator address for the LISP map server
authentication-key to be used by the ETR when registering for IPv6 EIDs.
Example:
Device(config-router-lisp)# ipv6 etr
map-server 10.0.2.1 key R4KEY
Step 24 ipv6 etr Enables LISP ETR functionality for an IPv6 address family.
Example:
Device(config-router-lisp)# ipv6 etr
Step 26 ip route prefix mask ip-address Establishes static routes to the next hop destination.
Example:
Device(config)# ip route 0.0.0.0 0.0.0.0
10.0.4.2
Example:
Device(config)# end
Configuring MSMR
SUMMARY STEPS
1. enable
2. configure terminal
3. interface type number
4. ip address ip-address mask
5. ipv6 address ipv6-address/ipv6-prefix
6. router lisp
7. locator-set locator-set-name
8. ipv4-address priority priority-locator weight locator-weight
9. exit
10. Repeat Step 7 to Step 9 to specify and configure another locator set.
11. locator-scope name
12. rtr-locator-set locator-set-name
13. rloc-prefix ipv4-rloc-prefix
14. exit
15. Repeat Step 11 to Step 14 to specify and configure another locator scope.
16. site site-name
17. authentication-key password
18. eid-prefix ipv4-eid-prefix
19. eid-prefix ipv6-eid-prefix
20. exit
21. Repeat Step 16 to Step 20 to configure another LISP site on the map server.
22. ipv4 map-server
23. ipv6 map-server
24. ipv4 map-resolver
25. ipv6 map-resolver
26. exit
27. ip route prefix mask ip-address
28. ipv6 route ipv6-prefix/prefix-length ipv6-address
29. end
DETAILED STEPS
Example:
Device# configure terminal
Step 3 interface type number Specifies the interface type and number and enters
interface configuration mode.
Example:
Device(config)# interface ethernet0/0
Step 4 ip address ip-address mask Configures an IPv4 address for the interface.
Example:
Device(config-if)# ip address 10.0.2.1
255.255.255.252
Step 5 ipv6 address ipv6-address/ipv6-prefix Configures an IPv6 address for the interface.
Example:
Device(config-if)# ipv6 address 2001:DB8:1::1/64
Example:
Device(config-if)# router lisp
Step 7 locator-set locator-set-name Specifies a locator set and enters LISP locator set
configuration mode.
Example:
Device(config-router-lisp)# locator-set rtr-set1
Step 8 ipv4-address priority priority-locator weight Configures the LISP locator set. The LISP locator set
locator-weight is the set of addresses the first-hop router uses when
communicating with the gateway xTR. You can
Example: configure each locator address by creating a locator
Device(config-router-lisp-locator-set)# 10.0.3.1 entry with assigned priority and weight.
priority 1 weight 1
Step 9 exit Exits LISP locator set configuration mode and returns
to LISP configuration mode.
Example:
Device(config-router-lisp-locator-set)# exit
Step 13 rloc-prefix ipv4-rloc-prefix Specifies the RLOC prefix to check against ingress
tunnel router (ITR) RLOC and egress tunnel router
Example: (ETR) RLOC.
Device(config-router-lisp-locator-scope)#
rloc-prefix 0.0.0.0/0
Step 14 exit Exits LISP locator set configuration mode and returns
to LISP configuration mode.
Example:
Device(config-router-lisp-locator-set)# exit
Step 17 authentication-key password Specifies the authentication key that the LISP site uses.
Example:
Device(config-router-lisp-site)#
authentication-key R4KEY
Example:
Device(config-router-lisp-site)# eid-prefix
10.10.10.0/24
Example:
Device(config-router-lisp-site)# eid-prefix
2001:DB8::/48
Step 20 exit Exits LISP site configuration mode and returns to LISP
configuration mode.
Example:
Device(config-router-lisp-site)# exit
Example:
Device(config-router-lisp)# ipv4 map-server
Example:
Device(config-router-lisp)# ipv6 map-server
Example:
Device(config-router-lisp)# ipv4 map-resolver
Example:
Device(config-router-lisp)# ipv6 map-resolver
Step 27 ip route prefix mask ip-address Establishes static routes to the next hop destination.
Example:
Device(config)# ip route 0.0.0.0 0.0.0.0 10.0.2.2
Step 28 ipv6 route ipv6-prefix/prefix-length ipv6-address Establishes static routes to the next hop destination.
Example:
Device(config)# ipv6 route ::/0 2001:DB8:1::ABCD
Example:
Device(config)# end
Configuring RTR
SUMMARY STEPS
1. enable
2. configure terminal
3. interface type number
4. ip address ip-address mask
5. ipv6 address ipv6-address/ipv6-prefix
6. router lisp
7. locator-set locator-set-name
8. ipv4-address priority priority-locator weight locator-weight
9. ipv6-address priority priority-locator weight locator-weight
10. exit
11. map-request itr-rlocs locator-set-name
12. eid-table default instance-id id
13. map-cache ipv4-EID-prefix map-request
14. map-cache ipv6-EID-prefix map-request
15. exit
16. ipv4 map-request-source source-address
17. ipv4 map-cache-limit cache-limit
18. ipv4 proxy-etr
19. ipv4 proxy-itr ipv4-local-locator ipv6-local-locator
20. ipv4 itr map-resolver map-resolver-address
21. ipv6 map-request-source source-address
22. ipv6 map-cache-limit cache-limit
23. ipv6 proxy-etr cache-limit
24. ipv6 proxy-itr ipv6-local-locator ipv4-local-locator
25. ipv6 itr map-resolver map-resolver-address
26. exit
27. ip route prefix mask ip-address
28. ipv6 route ipv6-prefix/prefix-length ipv6-address
29. end
DETAILED STEPS
Example:
Device# configure terminal
Step 3 interface type number Specifies the interface type and number and enters interface
configuration mode.
Example:
Device(config)# interface ethernet0/0
Step 4 ip address ip-address mask Configures an IPv4 address for the interface.
Example:
Device(config-if)# ip address 10.0.3.1
255.255.255.252
Step 5 ipv6 address ipv6-address/ipv6-prefix Configures an IPv6 address for the interface.
Example:
Device(config-if)# ipv6 address
2001:DB8:2::1/64
Example:
Device(config-if)# router lisp
Step 7 locator-set locator-set-name Specifies a locator set and enters LISP locator set configuration
mode.
Example:
Device(config-router-lisp)# locator-set setALL
Step 8 ipv4-address priority priority-locator weight Configures an IPv4 or IPv6 address and policy for the
locator-weight re-encapsulation tunnel router (RTR).
Example:
Device(config-router-lisp-locator-set)#
10.0.3.1 priority 1 weight 1
Step 9 ipv6-address priority priority-locator weight Configures an IPv4 or IPv6 address and policy for the RTR.
locator-weight
Example:
Device(config-router-lisp-locator-set)#
2001:DB8:2::1 priority 1 weight 1
Step 11 map-request itr-rlocs locator-set-name Configures the locator set to be used as routing locators
(RLOCs) in the ingress tunnel router (ITR) RLOC field of
Example: Map-Request messages sent from the RTR.
Device(config-router-lisp)# map-request
itr-rlocs setALL
Step 12 eid-table default instance-id id Configures an association between the default (global) routing
table and a LISP instance ID, and enters EID table
Example: configuration mode.
Device(config-router-lisp)# eid-table default
instance-id 0
Step 14 map-cache ipv6-EID-prefix map-request Configures static EID-to-RLOC mappings for an ITR and
enables sending of Map-Request message for a LISP
Example: destination EID.
Device(config-router-lisp-eid-table)#
map-cache ::/0 map-request
Step 15 exit Exits LISP EID table configuration mode and returns to LISP
configuration mode.
Example:
Device(config-router-lisp-eid-table)# exit
Step 16 ipv4 map-request-source source-address Specifies the IPv4 source address to be used in LISP IPv4
Map-Request messages. The ITR RLOCs configured under
Example: Steps 7 through 10, and Step 11 take precedence. However,
Device(config-router-lisp)# ipv4 this step (16) is still required.
map-request-source 10.0.3.1
Step 17 ipv4 map-cache-limit cache-limit (Optional) Specifies maximum number of IPv4 LISP map
cache entries allowed to be stored on the router. The valid
Example: range is from 0 to 100000.
Device(config-router-lisp)# ipv4
map-cache-limit 100000
Step 18 ipv4 proxy-etr Configures a device to act as an IPv4 LISP proxy egress tunnel
router (PETR).
Example:
Device(config-router-lisp)# ipv4 proxy-etr
Step 19 ipv4 proxy-itr ipv4-local-locator ipv6-local-locator Configures this device to act as an IPv4 proxy ingress tunnel
router (PITR), and configures the IPv4 and IPv6 locator
Example: addresses used as a source address for encapsulation of data
Device(config-router-lisp)# ipv4 proxy-itr packets.
10.0.3.1 2001:DB8:2::1
Step 22 ipv6 map-cache-limit cache-limit (Optional) Specifies the maximum number of IPv6 LISP map
cache entries allowed to be stored on the device. The valid
Example: range is from 0 to 100000.
Device(config-router-lisp)# ipv6
map-cache-limit 100000
Step 23 ipv6 proxy-etr cache-limit Configures a device to act as an IPv6 LISP PETR.
Example:
Device(config-router-lisp)# ipv6 proxy-etr
Step 24 ipv6 proxy-itr ipv6-local-locator ipv4-local-locator Configures this device to act as an IPv6 PITR, and configures
the IPv4 and IPv6 locator addresses used as a source address
Example: for encapsulation of data packets.
Device(config-router-lisp)# ipv6 proxy-itr
2001:DB8:2::1 10.0.3.1
Step 25 ipv6 itr map-resolver map-resolver-address Configures a locator address for the LISP map resolver to
which this router will send Map-Request messages for IPv6
Example: EID-to-RLOC mapping resolutions.
Device(config-router-lisp)# ipv6 itr
map-resolver 10.0.2.1 • The locator address of the map resolver may be an IPv4
Device(config-router-lisp)# ipv6 itr or IPv6 address.
map-resolver 2001:DB8:1::1
Step 27 ip route prefix mask ip-address Establishes static routes to the next hop destination.
Example:
Device(config)# ip route 0.0.0.0 0.0.0.0
10.0.3.2
Example:
Device(config)# ipv6 route ::/0
2001:DB8:ABCD::1
Example:
Device(config)# end
1. enable
2. show ip lisp database
3. show ipv6 lisp database
4. show lisp site detail
5. show ip lisp map-cache
6. show ipv6 lisp map-cache
DETAILED STEPS
Step 2 show ip lisp database Displays Locator/ID Separation Protocol (LISP) egress tunnel
router (ETR) configured local IPv4 endpoint identifier (EID)
Example: prefixes and associated locator sets.
Device# show ip lisp database
Step 3 show ipv6 lisp database Displays LISP ETR configured local IPv6 EID prefixes and
associated locator sets.
Example:
Device# show ipv6 lisp database
Step 4 show lisp site detail Displays details of LISP sites configured on a LISP map server.
Example:
Device# show lisp site detail
Step 6 show ipv6 lisp map-cache Displays the current dynamic and static IPv6 EID-to-RLOC map
cache entries.
Example:
Device# show ipv6 lisp map-cache
The examples below show the complete configuration for the LISP topology illustrated in the figure above.
Device> enable
Device# configure terminal
Device(config)# interface loopback0
Device(config-if)# ip address 10.10.10.4 255.255.255.0
Device(config-if)# ipv6 address 2001:DB8:0:ABCD::1/64
Device(config-if)# interface ethernet0/0
Device(config-if)# ip address 10.0.4.1 255.255.255.252
Device(config-if)# router lisp
Device(config-router-lisp)# locator-set R4
Device(config-router-lisp-locator-set)# 10.0.4.1 priority 1 weight 1
Device(config-router-lisp-locator-set)# exit
Device(config-router-lisp)# eid-table default instance-id 0
Device(config-router-lisp-eid-table)# database-mapping 10.10.10.0/24 locator-set R4
Device(config-router-lisp-eid-table)# database-mapping 2001:DB8::/48 locator-set R4
Device(config-router-lisp-eid-table)# exit
Device(config-router-lisp)# ipv4 itr map-resolver 10.0.2.1
Device(config-router-lisp)# ipv4 itr
Device(config-router-lisp)# ipv4 etr map-server 10.0.2.1 key R4KEY
Device(config-router-lisp)# ipv4 etr
Device(config-router-lisp)# ipv6 itr map-resolver 10.0.2.1
Device(config-router-lisp)# ipv6 itr
Device(config-router-lisp)# ipv6 etr map-server 10.0.2.1 key R4KEY
Device(config-router-lisp)# ipv6 etr
Device(config-router-lisp)# exit
Device(config)# ip route 0.0.0.0 0.0.0.0 10.0.4.2
Device> enable
Device# configure terminal
Device(config)# interface loopback0
Device(config-if)# ip address 172.16.0.4 255.255.255.0
Device(config-if)# ipv6 address 2001:DB8::4/64
Device(config-if)# interface ethernet0/0
Device(config-if)# ipv6 address 2001:DB8:4::2/64
Device(config-if)# router lisp
Device(config-router-lisp)# locator-set R6
Device(config-router-lisp-locator-set)# 2001:DB8:4::2 priority 1 weight 1
Device(config-router-lisp-locator-set)# exit
Device(config-router-lisp)# eid-table default instance-id 0
Device(config-router-lisp-eid-table)# database-mapping 172.16.0.2/24 locator-set R4
Device(config-router-lisp-eid-table)# database-mapping 2001:DB8::1/48 locator-set R4
Device(config-router-lisp-eid-table)# exit
Device(config-router-lisp)# ipv4 itr map-resolver 2001:DB8:3::2
Device(config-router-lisp)# ipv4 itr
Device(config-router-lisp)# ipv4 etr map-server 2001:DB8:3::2 key R4KEY
Device(config-router-lisp)# ipv4 etr
Device(config-router-lisp)# ipv6 itr map-resolver 2001:DB8:3::2
Device(config-router-lisp)# ipv6 itr
Device(config-router-lisp)# ipv6 etr map-server 2001:DB8:3::2 key R4KEY
Device(config-router-lisp)# ipv6 etr
Device(config-router-lisp)# exit
Device(config)# ipv6 route ::/0 2001:DB8:4::1
.
.
10.10.10.0/24, locator-set R4
Locator Pri/Wgt Source State
10.0.4.1 1/1 cfg-addr site-self, reachable
LISP IPv4 Mapping Cache for EID-table default (IID 0), 2 entries
.
.
.
172.16.0.2/24, uptime: 00:01:14, expires: 00:13:44, via map-reply, complete
Locator Uptime State Pri/Wgt
10.0.3.1 00:01:14 up 1/1
LISP IPv6 Mapping Cache for EID-table default (IID 0), 2 entries
.
.
.
2001:DB8::1/48, uptime: 00:02:18, expires: 00:12:44, via map-reply, complete
Locator Uptime State Pri/Wgt
10.0.3.1 00:02:18 up 1/1
Technical Assistance
Description Link
The Cisco Support and Documentation website http://www.cisco.com/cisco/web/support/index.html
provides online resources to download documentation,
software, and tools. Use these resources to install and
configure the software and to troubleshoot and resolve
technical issues with Cisco products and technologies.
Access to most tools on the Cisco Support and
Documentation website requires a Cisco.com user ID
and password.
1 Customer A has 2 LISP sites, site1 and site2, each having an xTR (a device performing the role of ETR
and ITR). Site 1 and Site 2 register with the Map-Servers (of the Map-Server/Map-Resolver [MSMR]
devices) supporting the LISP control plane for the LISP VPN with instance ID 1. The Map-Server
automatically records the registration RLOCs for both sites, and dynamically pushes this list of valid
RLOCs to both sites. In this way, site 1 and site 2 of the customer A LISP VPN can send traffic between
each other. No other LISP encapsulated traffic is permitted, as the source RLOC will not match the valid
source RLOC list.
2 Customer N also has 2 LISP sites, site1 and site2, and both register to the Map-Servers supporting the
LISP control plane for this LISP VPN with instance ID 2. The Map-Server automatically records the
registration RLOCs for both sites, and dynamically pushes this list of valid RLOCs to both sites. In this
way, site 1 and site 2 of the customer N LISP VPN can send traffic between each other. No other LISP
encapsulated traffic is permitted, as the source RLOC will not match the valid source RLOC list.
In addition to the automatically learned source RLOCs of registering LISP sites, the per-IID (instance ID)
membership list can be extended to include specific source RLOCs of valid devices that do no register, such
as PxTRs. When this feature is deployed, the source RLOCs of the PxTR is made available with the xTRs.
Some pointers for implementing source RLOC decapsulation filtering are given below :
• For Map-Servers to be able to construct the complete list of members for an EID instance ID, they must
receive registrations from all the xTRs participating in the customer VPN.
• Map-Servers construct the EID instance ID-RLOC membership list using the RLOC information in the
received mapping records in map-register messages.
• All IP prefixes associated with a specific instance ID must be delegated from a common Map-Server to
ensure that these Map-Servers can construct a complete RLOC set for the given LISP VPN.
• All xTRs within a VPN must register with a common set of Map-Servers.
• PxTRs do not (normally) register with the Map-Servers, such that the Map-Servers could discover the
PxTR RLOC, and that the Map-Servers could distribute learned RLOCs to the PxTRs. Thus, PxTR
RLOCs need to be manually configured on the Map-Server.
• The EID instance membership lists built by Map-Servers are communicated only to xTRs and PxTRs
that are members of the VPN.
Note Steps 5 to 10 are optional. You can use those to modify the list of RLOC addresses (filter list) discovered
by the Map-Server.
SUMMARY STEPS
1. enable
2. configure terminal
3. router lisp
4. map-server rloc members distribute
5. locator-set locator-set-name
6. ipv4-address priority value weight value
7. exit
8. eid-table vrf vrf-name instance-id iid
9. map-server rloc members modify-discovered add locator-set locator-set-name
10. exit
DETAILED STEPS
Example:
Device# configure terminal
Example:
Device(config)# router lisp
Step 4 map-server rloc members distribute Enables distribution of the list of EID prefixes to xTRs at the
customer end.
Example:
Device(config-router-lisp)# map-server rloc
members distribute
Step 5 locator-set locator-set-name (Optional) Specifies a locator set for the PxTR and enters
LISP locator set configuration mode.
Example:
Device(config-router-lisp)# locator-set PTR_set
Step 6 ipv4-address priority value weight value (Optional) Configures the LISP locator set. You can configure
each locator address by creating a locator entry with an
Example: assigned priority and weight
Device(config-router-lisp-locator-set)#
10.10.10.1 priority 1 weight 1
Step 8 eid-table vrf vrf-name instance-id iid (Optional) Configures an association between a VRF table
and a LISP instance ID, and enters eid-table configuration
Example: submode.
Device(config-router-lisp)# eid-table vrf
cust-A instance-id 1
Step 9 map-server rloc members modify-discovered add (Optional) Adds RLOC addresses in the specified locator set
locator-set locator-set-name to the list of discovered RLOC addresses.
Note The updated list will be sent to the xTRs at the
Example: customer end when the distribution option is
Device(config-router-lisp-eid-table)#
map-server rloc members modify-discovered add enabled.
locator-set PTR_set
To enable data plane security on the xTRs belonging to customer A (as shown in the image), configure the
xTR at site1, as shown below:
SUMMARY STEPS
1. enable
2. configure terminal
3. router lisp
4. decapsulation filter rloc source member
5. exit
DETAILED STEPS
Example:
Device# configure terminal
Example:
Device(config)# router lisp
Step 4 decapsulation filter rloc source member Enables source RLOC address validation of LISP
packets.
Example:
Device(config-router-lisp)# decapsulation filter
rloc source member
What to Do Next
• The above steps enable data plane security for the xTR at one of customer A's sites, 'site1'. You need to
repeat the steps to enable RLOC decapsulation filtering for customer A's second site, 'site2'.
Configuring PxTR
To configure the PxTR, perform the steps given below:
SUMMARY STEPS
1. enable
2. configure terminal
3. router lisp
4. decapsulation filter rloc source members
5. exit
DETAILED STEPS
Example:
Device# configure terminal
Example:
Device(config)# router lisp
Step 4 decapsulation filter rloc source members Enables source RLOC address validation of LISP
packets.
Example:
Device(config-router-lisp)# decapsulation filter
rloc source members
What to Do Next
• Configure any other PxTR as needed.
SUMMARY STEPS
DETAILED STEPS
Example:
Device# show lisp session
This command displays reliable transport session information. If there is more than one transport session, the corresponding
information will be displayed.
Step 2 show lisp site rloc members [instance-id iid]
Example:
Device# show lisp site rloc members
LISP RLOC membership for EID table default (IID 0), 5 entries
The Origin column displays configuration details of the RLOC member – whether the RLOC member is manually
configured, automatically gleaned from received registrations, or both. The Valid column shows whether the RLOC is
a valid member that is distributed to (P)xTRs. A listed RLOC may not be valid if it is gleaned from registrations but the
'override' option is used in the 'modify-discovered' configuration, and the specified locator-set does not include the RLOC.
SUMMARY STEPS
DETAILED STEPS
Example:
Device# show lisp session
This command displays reliable transport session information. If there is more than one transport session, the corresponding
information will be displayed.
Step 2 show lisp decapsulation filter [IPv4-rloc-address | IPv6-rloc-address] [eid-table eid-table-vrf | instance-id iid]
Example:
Device# show lisp decapsulation filter instance-id 0
The RLOC address configuration details (whether it is manually configured or discovered) on a (P)xTR is displayed in
the above table.
Step 3 show cef source-filter table
Example:
Device# show cef source-filter table
[lisp:0:0:IPv4] state [enabled, active], 0 entries, refcount 3, flags [], action [drop]
Database epoch 0
Hits 0, misses 0, fwd 0, drop 0
Example:
Device# debug lisp control-plane eid-membership
Example:
Device# debug lisp control-plane session
Note Steps for adding the locator set and the RLOC address are optional. You can use those steps to modify
the list of RLOC addresses (filter list) discovered by the Map-Server.
Device> enable
Device# configure terminal
Device(config)# router lisp
Device(config-router-lisp)# map-server rloc members distribute
Device(config-router-lisp)# locator-set PTR_set
Device(config-router-lisp-locator-set)# 10.10.10.1 priority 1 weight 1
Device(config-router-lisp-locator-set)# exit
Device(config-router-lisp)# eid-table vrf cust-A instance-id 1
Device(config-router-lisp-eid-table)# map-server rloc members modify-discovered add
locator-set PTR_set
Device(config-router-lisp-eid-table)# exit
Repeat the above steps to configure one or more map servers, as needed
The above steps enable data plane security for the xTR at one of customer sites. You must repeat the steps to
enable RLOC decapsulation filtering for other sites.
Locator/ID Separation Protocol (LISP) commands Cisco IOS IP Routing: LISP Command Reference
Standard/RFC Title
RFC 6830 Locator/ID Separation Protocol (LISP)
MIBs
Technical Assistance
Description Link
The Cisco Support website provides extensive online http://www.cisco.com/cisco/web/support/index.html
resources, including documentation and tools for
troubleshooting and resolving technical issues with
Cisco products and technologies.
To receive security and technical information about
your products, you can subscribe to various services,
such as the Product Alert Tool (accessed from Field
Notices), the Cisco Technical Services Newsletter,
and Really Simple Syndication (RSS) Feeds.
Access to most tools on the Cisco Support website
requires a Cisco.com user ID and password.
The LISP reliable map registration mechanism as shown in the figure is described below:
Note When TCP based map registration is not supported by map server then ETR uses UDP
based map registration to establish a session with the map server.
• Once the TCP session is established, map-server sends a registration refresh message to the ETR.
• ETR sends map registrations to the map server through the TCP connection.
• Map server acknowledges for the map registrations.
Note There are no configuration commands for this feature. This feature is turned on automatically.
registers to two map server/map resolver (MSMR) devices in the network core. The topology used in verifying
LISP Reliable Registration is as shown in the figure below.
In the following output, a ‘#’ sign in the ‘Up’ column indicates reliable map registration session.
Device# show lisp site
In the following output, no ‘#’ sign in the ‘Up’ column indicates that the Old MSMR does not support reliable
map registration.
Device# show lisp site
Standard/RFC Title
RFC 6830 The Locator/ID Separation Protocol (LISP)
Technical Assistance
Description Link
The Cisco Support and Documentation website http://www.cisco.com/cisco/web/support/index.html
provides online resources to download documentation,
software, and tools. Use these resources to install and
configure the software and to troubleshoot and resolve
technical issues with Cisco products and technologies.
Access to most tools on the Cisco Support and
Documentation website requires a Cisco.com user ID
and password.
Endpoint ID (EID)
An EID value for IPv4 is 32 bit and EID value for IPv6 is 128-bit. EIDs are used in the source and destination
address fields of the first LISP header of a packet.
EID-Prefix
An EID-Prefix is a power-of-two blocks of EIDs allocated to a LISP site by an address allocation authority.
Register 3.1.0.0/16 with MS, which is more specific and overlap with 3.0.0.0/8 prefix registered from xTR3.
router lisp
database-mapping 192.168.0.0/16 10.0.0.4 priority 1 weight 100
database-mapping 192.0.2.0/8 10.0.0.4 priority 1 weight 100
Router IP Address
MSMR 10.0.0.1
xTR2 10.0.0.2
xTR3 10.0.0.3
xTR4 10.0.0.4
MS/MR Output:
Device# show lisp site
Register Registered ID
site2 00:15:08 yes# 10.0.0.2 2.0.0.0/8
site3 00:15:05 yes# 10.0.0.3 3.0.0.0/8
00:15:01 yes# 10.0.0.4 3.1.0.0/16
site4 00:15:01 yes# 10.0.0.4 4.0.0.0/8
xTR1 Output:
Device# show ip lisp map-cache
LISP IPv4 Mapping Cache for EID-table default (IID 0), 3 entries
LISP IPv4 Mapping Cache for EID-table default (IID 0), 3 entries
Prefix Producer
3.1.0.0/16 mapping-notification
xTR3 Output:
Device# show ip lisp map-cache
LISP IPv4 Mapping Cache for EID-table default (IID 0), 2 entries
Standard/RFC Title
RFC 6830 The Locator/ID Separation Protocol (LISP)
Technical Assistance
Description Link
The Cisco Support and Documentation website http://www.cisco.com/cisco/web/support/index.html
provides online resources to download documentation,
software, and tools. Use these resources to install and
configure the software and to troubleshoot and resolve
technical issues with Cisco products and technologies.
Access to most tools on the Cisco Support and
Documentation website requires a Cisco.com user ID
and password.
Note There is no configuration commands for this feature. This feature is turned on automatically.
Solicit-Map-Request (SMR)
Soliciting a Map-Request enables ETRs to control requests for Map-Reply messages when there is change in
database mapping. SMRs enable remote ITRs to update the database mappings that are cached. An SMR
message is simply a bit set in a Map-Request message. An ITR or PITR will send a Map-Request when they
receive an SMR message.
Note There is no configuration commands for this feature. This feature is turned on automatically.
Note There are no configuration commands for this feature. This feature is turned on automatically.
• PxTR1 works as a Proxy Ingress Tunnel Router (PITR) and Proxy Egress Tunnel Router (PETR) between
the network with 10.0.0.0/8 prefix and the LISP sites.
• Only static routing protocols are used in this setup to reduce control traffic.
*Feb 19 22:08:15.290: LISP-0: EID-AF IPv4, Sending map-request from 172.16.0.12 to 172.16.0.12
for EID 172.16.0.12/32, ITR-RLOCs 1,
nonce 0x4D04AB2F-0x99FF6FF5 (encap src 198.51.100.21, dst 209.165.201.41).
Device#
*Feb 19 22:08:16.333: LISP: Send map request type SMR
*Feb 19 22:08:16.333: LISP: Send map request for EID prefix IID 0 172.16.0.12/32
*Feb 19 22:08:16.333: LISP-0: AF IID 0 IPv4, Send SMR triggered map request for 172.16.0.12/32
(2) from 192.168.0.22.
*Feb 19 22:08:16.333: LISP-0: EID-AF IPv4, Sending map-request from 172.16.0.12 to 172.16.0.12
for EID 172.16.0.12/32, ITR-RLOCs 1,
nonce 0x4D04AB2F-0x99FF6FF5 (encap src 198.51.100.21, dst 209.165.201.41).
Device#
*Feb 19 22:08:18.423: LISP-0: Map Request IID 0 prefix 172.16.0.12/32 SMR[LL], Switching
Map-Resolver 209.165.201.41 to 209.165.201.31.
*Feb 19 22:08:18.423: LISP: Send map request type SMR
*Feb 19 22:08:18.423: LISP: Send map request for EID prefix IID 0 172.16.0.12/32
*Feb 19 22:08:18.423: LISP-0: AF IID 0 IPv4, Send SMR triggered map request for 172.16.0.12/32
(3) from 192.168.0.22.
*Feb 19 22:08:18.423: LISP-0: EID-AF IPv4, Sending map-request from 172.16.0.12 to 172.16.0.12
for EID 172.16.0.12/32, ITR-RLOCs 1,
nonce 0x5A4AC708-0x59A42AB6 (encap src 198.51.100.21, dst 209.165.201.31).
*Feb 19 22:08:18.424: LISP: Processing received Map-Reply(2) message on Ethernet0/0 from
209.165.201.31:4342 to 198.51.100.21:4342
*Feb 19 22:08:18.424: LISP: Received map reply nonce 0x5A4AC708-0x59A42AB6, records 1
xTR2's map-cache is updated upon map-reply from the map server:
Device# show ip lisp map-cache
LISP IPv4 Mapping Cache for EID-table default (IID 0), 3 entries
Standard/RFC Title
RFC 6830 The Locator/ID Separation Protocol (LISP)
Technical Assistance
Description Link
The Cisco Support and Documentation website http://www.cisco.com/cisco/web/support/index.html
provides online resources to download documentation,
software, and tools. Use these resources to install and
configure the software and to troubleshoot and resolve
technical issues with Cisco products and technologies.
Access to most tools on the Cisco Support and
Documentation website requires a Cisco.com user ID
and password.
• Information About TTL Propagate Disable and Site-ID Qualification, page 255
• How to Configure Site ID Qualification, page 258
• How to Disable TTL Propagation, page 259
• Additional References for TTl Propagate Disable and Site-ID Qualification, page 261
• Feature Information for TTL Propagate Disable and Site-ID Qualification, page 262
LISP Site
LISP site is a set of routers in an edge network that are under a single technical administration. LISP routers
in the edge network are the demarcation points to separate the edge network from the core network.
Traceroute Tool
The traceroute tool is used to discover the routes that packets take when traveling to their destination.
Site ID Qualification
A site is best conceptualized as an authentication domain: A set of ETRs under the same administrative control.
The map server authenticates all ETRs in a site using the same shared key. Without the concept of a site, the
map server would be required to have prior knowledge of every ETR in the network along with its authentication
key. Site managers will not be able to deploy new ETRs without changing the configuration of the map servers.
When a site is considered as an authentication domain as opposed to a topological grouping, then it is easy
to see that the benefit of site ID qualification resides in the ability of reaching an EID prefix through ETRs
under different administrative control.
With Site ID Qualification, the map server can have the same prefix configuration under multiple sites. The
name of the feature stems from the requirement that any two sites with at least one prefix in common must
be qualified with a unique site IDs.
TTL Propagation
Figure 50: TTL Propagation Mechanism
When TTL propagation is enabled the traceroute tool can display all middle hops between an LISP ITR and
ETR. However, when RLOC and EID are of different address-family the traceroute output is undesirable.
When the above cross address-family situation exists, LISP does not propagate TTL between inner and outer
IPv4 or IPv6 headers. During encapsulation, ITR uses the maximum permissible TTL in the outer header
instead of using the TTL value from the inner header.
It is better to make the LISP tunnel between the ITR and ETR appear as a single hop to the client of traceroute.
This is done through the disable-ttl-propagate configuration CLI either for a specific eid-table or the entire
router lisp tag.
site B
conf t
router lisp
site A
site-id 1
authentication-key key2
eid-prefix 1.2.0.0/16 accept-more-specifics
Note Setup a new MSMR that has the same lazy configuration for two different sites.
enable
conf t
router lisp
locator-table default
site A
site-id 100
authentication-key key1
eid-prefix 0.0.0.0/0 accept-more-specifics
eid-prefix 2000:AAAA:BBBB::/96 accept-more-specifics
exit
!
site B
site-id 200
authentication-key key2
eid-prefix 0.0.0.0/0 accept-more-specifics
eid-prefix 10.0.0.0/8 accept-more-specifics
eid-prefix 21.0.0.0/8 accept-more-specifics
eid-prefix 2000:BBBB:AAAA::/96 accept-more-specifics
exit
ipv4 map-server
ipv4 map-resolver
ipv6 map-server
ipv6 map-resolver
exit
Note The TTL propagation can be disabled for a specific EID-table or an entire router LISP tag.
registers to two map server/map resolver (MSMR) devices in the network core. The topology used in verifying
TTL Propagate Disable is as shown in the figure below.
Note An IPv6 EID and IPv4 RLOC traceroute output will hide the middle hops between ITR and ETR even
when TTL propagation is not disabled.
After disabling TTL propagation, an IPv4 EID over IPv4 RLOC traceroute output appears as below
on Host A:
Device# traceroute 192.168.0.22
Standard/RFC Title
RFC 6830 The Locator/ID Separation Protocol (LISP)
Technical Assistance
Description Link
The Cisco Support and Documentation website http://www.cisco.com/cisco/web/support/index.html
provides online resources to download documentation,
software, and tools. Use these resources to install and
configure the software and to troubleshoot and resolve
technical issues with Cisco products and technologies.
Access to most tools on the Cisco Support and
Documentation website requires a Cisco.com user ID
and password.
Note VXLAN must not be configuration on the device when VXLAN encapsulation is enabled for LISP.
Conversely, VXLAN encapsulation for LISP must not be enabled when configuring other VXLAN
protocols.
Two deployment modes are supported, one is to configure border node as PxTR and the other is to configure
border node as XTR.
Branches-to-Campus direction:
• Branch routes will advertise its routes to border nodes of campus through EIGRP or BGP.
• Border nodes (PxTR) will not advertise routes to LISP MS/MR.
• On XTR, configure “ipv4 use-petr <rloc of PxTR> ”
Branches-to-Campus direction--Remote Branch (2.2.2.2) will advertise routes 20.20.20.2 to ASR1K xTR
(1.1.1.1) through BGP or EIGRP. On ASR1K xTR, configure “ipv4 route-import database bgp 100 …” under
LISP EID table to import BGP/EIGRP as LISP EID table. ASR1K xTR 2.2.2.2 will initiate MAP-register to
register the EID learnt from BGP.
Packet Flow with Control Plan Interworking
H1 to H2: SIP:10.10.10.1, DIP: 20.20.20.2
• Branch route 2.2.2.2 advertises routes 20.20.20.0/24 to LISP xTR 1.1.1.1 through BGP/EIGRP.
• LISP xTR 1.1.1.1 will import 20.20.20.0/24 into local EID table.
• LISP xTR 1.1.1.1 sends MAP-register to MS/MR to register 20.20.20.0/24 as its local EID
• H1 sends IP packets to xTR2 after it resolves the MAC address of xTR2.
• xTR2 sends map-request to resolve the device for 20.20.20.2 and the RLOC is 1.1.1.1
• xTR2 sends VxLAN encapsulated packets to 1.1.1.1
• RLOC 1.1.1.1 terminates VxLAN and forwards the packets to 2.2.2.2.
exit
!
router ospf 1
!
router bgp 100
bgp log-neighbor-changes
!
address-family ipv4 vrf vrf1
neighbor 100.0.0.2 remote-as 100
neighbor 100.0.0.2 activate
neighbor 200.0.0.1 remote-as 200
neighbor 200.0.0.1 ebgp-multihop 255
neighbor 200.0.0.1 update-source Tunnel1000
neighbor 200.0.0.1 activate
neighbor 200.0.0.1 send-community both
exit-address-family
!
address-family ipv4 vrf vrf2
neighbor 101.0.0.2 remote-as 100
neighbor 101.0.0.2 activate
neighbor 201.0.0.1 remote-as 200
neighbor 201.0.0.1 ebgp-multihop 255
neighbor 201.0.0.1 update-source Tunnel1001
neighbor 201.0.0.1 activate
neighbor 201.0.0.1 send-community both
exit-address-family
!
ip bgp-community new-format
ip community-list 10 permit 1000:1
ip community-list 11 permit 1000:2
!
route-map set_lisp_vrf1 permit 10
match community 10
!
route-map set_lisp_vrf2 permit 10
match community 11
!
!
MSMR configuration:
vrf definition vrf1
rd 1:1
!
address-family ipv4
exit-address-family
!
vrf definition vrf1000
rd 1000:1
!
address-family ipv4
exit-address-family
!
vrf definition vrf2
rd 1:2
!
address-family ipv4
exit-address-family
!
interface Loopback0
ip address 14.0.0.1 255.255.255.255
ip ospf 1 area 0
!
interface Tunnel1000
description “pxtr and msmr tunnel vrf1”
vrf forwarding vrf1
ip address 200.0.0.1 255.255.255.0
tunnel source GigabitEthernet3.6
tunnel destination 15.0.0.2
tunnel key 1000
!
interface Tunnel1001
description “pxtr and msmr tunnel vrf2”
vrf forwarding vrf2
ip address 201.0.0.1 255.255.255.0
!
address-family ipv4 vrf vrf1
redistribute lisp metric 11 route-map set_lisp_vrf1
neighbor 200.0.0.2 remote-as 100
neighbor 200.0.0.2 ebgp-multihop 255
neighbor 200.0.0.2 update-source Tunnel1000
neighbor 200.0.0.2 activate
neighbor 200.0.0.2 send-community both
exit-address-family
!
address-family ipv4 vrf vrf2
redistribute lisp metric 11 route-map set_lisp_vrf2
neighbor 201.0.0.2 remote-as 100
neighbor 201.0.0.2 ebgp-multihop 255
neighbor 201.0.0.2 update-source Tunnel1001
neighbor 201.0.0.2 activate
neighbor 201.0.0.2 send-community both
exit-address-family
!
!
ip bgp-community new-format
!
route-map set_lisp_vrf1 permit 10
match tag 100
set community 1000:1
!
route-map set_lisp_vrf2 permit 10
match tag 110
set community 1000:2
!
!
interface GigabitEthernet3.6
encapsulation dot1Q 6
ip address 13.0.0.2 255.255.255.0
ip ospf 1 area 0
!
interface GigabitEthernet3.7
encapsulation dot1Q 7
ip address 13.0.1.2 255.255.255.0
ip ospf 1 area 0
!
interface GigabitEthernet4
ip address 15.0.0.1 255.255.255.0
ip ospf 1 area 0
!
router lisp
encapsulation vxlan
locator-set set1
13.0.0.2 priority 1 weight 1
13.0.1.2 priority 1 weight 1
exit
!
eid-table default instance-id 0
database-mapping 2.2.2.2/32 locator-set set1
exit
!
eid-table vrf vrf1 instance-id 1
database-mapping 6.6.6.6/32 locator-set set1
ipv4 route-import database bgp 100 route-map match_com locator-set set1
exit
!
eid-table vrf vrf2 instance-id 2
database-mapping 6.6.6.6/32 locator-set set1
exit
!
ipv4 sgt //enable SGT function for SGT tag propagation//
exit
!
ipv4 use-petr 15.0.0.2
ipv4 itr map-resolver 14.0.0.1
ipv4 itr
ipv4 etr map-server 14.0.0.1 key cisco
ipv4 etr
exit
!
router ospf 1
!
router bgp 100
bgp log-neighbor-changes
!
address-family ipv4 vrf vrf1
redistribute static route-map tag_110
neighbor 150.0.0.1 remote-as 100
neighbor 150.0.0.1 activate
neighbor 150.0.0.1 send-community both
exit-address-family
ip bgp-community new-format
ip community-list 10 permit 200:1
ip route vrf vrf1 5.5.5.5 255.255.255.255 Null0 tag 110
!
route-map tag_110 permit 10
match tag 110
!
route-map match_com permit 10
match community 10
!